Export Compliance & Trade Controls
v1.0.0Evaluate product export controls, screen destinations and end-users against US sanctions, determine license needs, and generate compliance documentation chec...
⭐ 0· 526·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (export controls, ECCN, OFAC/Entity screening, license guidance) matches the SKILL.md content. There are no unrelated environment variables, binaries, or install steps requested that would be out of scope for this purpose.
Instruction Scope
The SKILL.md stays within the stated purpose (classification, sanctions screening, license determination, red-flag checklist, and document templates). However, it does not specify authoritative data sources or live screening mechanisms (e.g., where to fetch an up-to-date SDN/Entity List or Country Chart). That omission means an agent will either rely on its internal knowledge (which can be outdated) or reach out to external services/APIs to perform live screening — users should confirm how the agent will obtain current denied-party and licensing data. Also, the skill expects users to supply transaction and end-user details (potentially sensitive PII); the instructions do not discuss how to handle or protect that data.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk and no external packages are pulled by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The level of access requested is minimal and proportionate to its described function.
Persistence & Privilege
The skill is not set to always:true and uses default invocation settings. It does not request persistent installation or modification of other skills or system-wide settings.
Assessment
This skill appears coherent and low-risk in terms of installation and requested privileges, but consider the following before you install or use it:
- Data sources: The SKILL.md does not name authoritative sources for SDN/Entity Lists, Country Charts, or the latest EAR/ITAR guidance. Confirm how the agent will obtain up-to-date denied-party lists (official OFAC downloads, government feeds, or a vetted commercial screening API).
- Not a substitute for counsel: Use the output as a starting point — always have a qualified export compliance officer or external counsel confirm ECCN classifications and license decisions.
- Protect sensitive inputs: You will likely supply product technical details, customer names/addresses, and transaction values. Treat that as sensitive business/PII; avoid pasting highly sensitive technical secrets or export-controlled technical data into an untrusted agent environment.
- Auditability: If you rely on the skill for compliance workflows, ensure you have an audit trail (source of denied-party checks, timestamps, and who reviewed the result).
- Integration caution: If you plan to connect the agent to networked screening services or commercial watchlist APIs, vet those integrations and their credentials separately — the skill does not request or manage them.
If you want higher assurance, ask the skill author to document (a) the authoritative data sources or APIs it expects, and (b) recommended handling for sensitive customer/technical data.Like a lobster shell, security has layers — review code before you run it.
EARvk97dtz3bz0xw6ga6sapbgkem3x81m0f9ECCNvk97dtz3bz0xw6ga6sapbgkem3x81m0f9OFACvk97dtz3bz0xw6ga6sapbgkem3x81m0f9compliancevk97dtz3bz0xw6ga6sapbgkem3x81m0f9exportvk97dtz3bz0xw6ga6sapbgkem3x81m0f9latestvk97dtz3bz0xw6ga6sapbgkem3x81m0f9sanctionsvk97dtz3bz0xw6ga6sapbgkem3x81m0f9tradevk97dtz3bz0xw6ga6sapbgkem3x81m0f9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.