Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eu Sanctions Monitor

v1.0.0

Free API for EU sanctions screening and compliance. No subscription required. Screen names and entities against EU consolidated sanctions list. Government da...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill name, SKILL.md, README, and src/main.js implement an EU sanctions check, but package.json and many src/handlers are clearly for a 'competitor-pricing-monitor' (Shopify pricing crawlers). The package name/description mismatch and large unrelated handler set are incoherent with the stated purpose and suggest the repo was reused or repackaged without cleaning unrelated code.
[!] Instruction Scope
SKILL.md describes calling an external API (x402.ntriq.co.kr / Apify actor) and makes no mention of the included Shopify handlers; the runtime main.js fetches the official EU XML directly and does a simple substring match. main.js also calls Actor.charge (billing). The instructions and code disagree on service model (SKILL.md says 'No subscription required', but code attempts to charge). The presence of many unrelated handlers grants broad unused runtime surface that should be reviewed.
Install Mechanism
There is no explicit install spec, but a package.json and a large package-lock.json are included — meaning npm dependencies (apify and a large crawler stack) will be installed when run in an environment that honors package.json. The package-lock reveals many third‑party packages (typical for crawlers). One dependency chain references event-stream@3.3.4 (via ps-tree) — historically notable for a past supply-chain compromise — so dependency review is recommended.
[!] Credentials
The skill declares no required environment variables, but README examples and SKILL.md expect Apify usage (examples show APIFY_TOKEN). The code calls Actor.charge which may trigger billing on the Apify account running the actor — this contradicts 'No subscription required' and could cause unexpected charges. No other credentials are requested, which is proportionate, but the billing behavior should be explicit.
Persistence & Privilege
always:false and normal autonomous invocation are fine. However, the skill will perform network I/O (fetching the EU XML and external services listed in SKILL.md) and may attempt to charge the running Apify account. If allowed to run autonomously, it could make remote requests and incur charges — combine that with the repo inconsistencies and exercise caution.
What to consider before installing
Do not install or trust this skill without further verification. Key things to check before using it:
  (1) Confirm the publisher and homepage (x402.ntriq.co.kr) are legitimate;
  (2) Ask why package.json and many source files are for a competitor-pricing monitor — ensure unrelated code isn't executed in your environment;
  (3) Review package-lock dependencies (notably event-stream@3.3.4 in the transitive tree) or run dependency-audit tooling;
  (4) Understand billing: main.js calls Actor.charge — clarify whether calls will incur micropayments or account charges and remove or disable billing if unwanted;
  (5) Test in an isolated sandbox/container and review runtime behavior (network endpoints contacted, files written, and any charges logged) before using for production compliance decisions.
If you cannot validate the origin or clean the repo, avoid using it for sensitive / regulated workflows.


latestvk97fs91ws0nkct7g8mk7ktgvhn842k1j


SKILL.md

Eu Sanctions Monitor

Free API for EU sanctions screening and compliance. No subscription required. Screen names and entities against EU consolidated sanctions list. Government data, pay-per-use.

Usage

Available on Apify Store and via x402 micropayments.

Service Catalog

curl https://x402.ntriq.co.kr/services

Features

  • AI-powered analysis
  • JSON structured output
  • Pay-per-use pricing

Powered by

Files

10 total