Fraud Prevention Guide
Pass. Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: fraud-prevention-guide
Version: 1.1.0
The 'Fraud Prevention Guide' skill bundle is a collection of informational markdown documents designed to guide an AI agent in generating fraud prevention frameworks for ecommerce. It contains no executable code, shell commands, or network requests. The instructions in SKILL.md and the supporting reference files (e.g., risk-scoring-reference.md, chargeback-response-guide.md) are strictly aligned with the stated purpose of providing business advice on order screening, velocity detection, and chargeback management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Poorly tuned fraud rules could reject legitimate customers or reduce sales.
The guide includes automated decline outcomes that could block real ecommerce orders if the user implements them directly. This is expected for a fraud-prevention framework, but it is a high-impact business action.
| 71–100 | Auto-decline | Decline transaction with generic error message |
Pilot rules on historical data, keep manual review and appeal paths, monitor false positives, and use rollback procedures before deploying automatic blocks.
Customer privacy could be affected if detailed fraud evidence is over-collected, retained too long, or shared with the agent unnecessarily.
The guide recommends collecting and retaining detailed customer, device, behavioral, account, and transaction evidence. This is purpose-aligned for chargeback response, but it creates sensitive records that require privacy controls if used as agent context or stored in a fraud system.
Device data: Browser fingerprint... Network data: IP address... Behavioral data: Session duration... mouse movement patterns... Account data: Account age, purchase history...
Minimize data collection, avoid sharing raw customer records unless necessary, follow PCI/privacy requirements, restrict access, and define retention and deletion policies.
