Fraud Prevention Guide
Pass. Audited by ClawScan on May 13, 2026.
Overview
This is an instruction-only fraud-prevention guide with no code or credentials, but it discusses sensitive customer telemetry and automated order-blocking rules that users should implement carefully.
This appears safe to use as a planning guide. Treat its outputs as recommendations, not automatic production rules: validate thresholds, keep human review for borderline cases, and make sure any device fingerprinting, behavioral tracking, chargeback evidence, or identity verification program complies with PCI, privacy laws, customer notices, and retention limits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Poorly tuned fraud rules could reject legitimate customers or reduce sales.
The guide includes automated decline outcomes that could block real ecommerce orders if the user implements them directly. This is expected for a fraud-prevention framework, but it is a high-impact business action.
| 71–100 | Auto-decline | Decline transaction with generic error message |
Pilot rules on historical data, keep manual review and appeal paths, monitor false positives, and have rollback procedures in place before deploying automatic blocks.
Customer privacy could be affected if detailed fraud evidence is over-collected, retained too long, or shared with the agent unnecessarily.
The guide recommends collecting and retaining detailed customer, device, behavioral, account, and transaction evidence. This is purpose-aligned for chargeback response, but it creates sensitive records that require privacy controls if used as agent context or stored in a fraud system.
Device data: Browser fingerprint... Network data: IP address... Behavioral data: Session duration... mouse movement patterns... Account data: Account age, purchase history...
Minimize data collection, avoid sharing raw customer records unless necessary, follow PCI/privacy requirements, restrict access, and define retention and deletion policies.
