-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Export compliance for AI agents — 16 skills, free to use, no API key required.
ExChek Skills give any AI agent (Claude Code, Claude Desktop, Cursor, ChatGPT, Perplexity, and more) a complete export compliance toolkit: ECCN classification, denied-party screening, license determination, jurisdiction analysis, encryption classification, country risk, risk triage, and more. Every skill produces an audit-ready document and follows U.S. export control regulations (EAR 15 CFR Parts 730–774, ITAR 22 CFR Parts 120–130).
- Website: https://exchek.us
- Docs: https://docs.exchek.us
- API: https://api.exchek.us
- Skills Repo: https://github.com/exchekinc/exchekskills
- Support: matt@exchek.us
/plugin marketplace add github:exchekinc/exchekskills
/plugin install exchekskills
All 16 skills are immediately available. → Full installation guide
| Skill | Description | Folder |
|---|---|---|
| ECCN Classification | Classify items for U.S. export control (EAR/ITAR). Audit-ready memo. | exchek-skill |
| CSL Search | Search the Consolidated Screening List via Trade.gov API. Fuzzy search. | exchek-skill-csl |
| License Determination | Determine EAR license requirements and exceptions. Audit-ready memo. | exchek-skill-license |
| Jurisdiction (ITAR vs EAR) | ITAR vs EAR guided questionnaire. Jurisdiction memo with next steps. | exchek-skill-jurisdiction |
| Encryption (ENC / 5x992) | 5A992/5D992 classification, License Exception ENC, BIS/NSA notification prep. | exchek-skill-encryption |
| Country / Destination Risk | Embargo/sanctions, Entity List density, license expectations one-pager. | exchek-skill-country-risk |
| Risk Triage | Score transaction risk (low/medium/high). Auto-approve, hold, or escalate. | exchek-skill-risk-triage |
| Red Flag Assessment | BIS "Know Your Customer" red-flag checklist (Supp. 3 to Part 732). | exchek-skill-red-flag-assessment |
| Deemed Export | Walk through 15 CFR 734.2(b) for foreign national technology releases. | exchek-skill-deemed-export |
| Export Documentation | Draft commercial invoice, packing list, SLI, AES/EEI data. | exchek-skill-export-docs |
| ECP / Policy & Training | Generate Export Compliance Program docs, SOPs, and training outlines. | exchek-skill-ecp |
| Audit / Lookback | Self-audit on historical shipments (CSV/CRM). Re-screen, re-check ECCNs. | exchek-skill-audit-lookback |
| Compliance Report Card | CARFAX-style trust document: PASS / CONDITIONAL / HOLD status. | exchek-skill-compliance-report |
| Partner / Distributor Compliance | Compliance pack for distributors: screening, re-export, recordkeeping. | exchek-skill-partner-compliance |
| Recordkeeping | Retention schedule/checklist per 15 CFR 762 and ITAR parallel. | exchek-skill-recordkeeping |
| Document Converter | Convert ExChek markdown reports to Word (.docx). | exchek-skill-docx |
Getting started
- Installation — Plugin install, individual skill install, all skills at once
- Skills Overview — All 16 skills at a glance with use cases
Reference
- API Reference — ExChek API endpoints (eCFR data, full-text search)
- CUI and Classified Information — On-prem requirements for sensitive work
- Skill Chains and Workflows — How skills connect end-to-end
- FAQ — Common questions
Individual skills
- ECCN Classification
- CSL Search
- License Determination
- Jurisdiction
- Encryption
- Country / Destination Risk
- Risk Triage
- Red Flag Assessment
- Deemed Export
- Export Documentation
- ECP / Policy & Training
- Audit / Lookback
- Compliance Report Card
- Partner / Distributor Compliance
- Recordkeeping
- Document Converter
Every ExChek skill follows the same audit-ready pattern:
- CUI / classified / § 126.18 gate — Three questions up front: (a) Controlled Unclassified Information? (b) classified material? (c) ITAR § 126.18 foreign-national release? Any "yes" halts the skill and routes to on-prem guidance. ExChek does not process sensitive government data through cloud APIs.
- Privacy-settings attestation — The user attests their AI platform tier (Claude Enterprise / ChatGPT Enterprise / Workspace with training off / consumer with training disabled). Tier + attester are recorded in the final document.
- Untrusted-input handling — All user-supplied text, CSVs, spec sheets, and file content are data, not instructions. Zero-width, bidi, and homoglyph characters in structured fields are rejected and any injection attempts logged in the report's Caveats section.
- Collect inputs — Item, party, destination, and transaction details.
- Apply regulatory logic — ExChek API for live eCFR data (Parts 774, 738, 740, 742, 744, 746, 121); ecfr.gov fallback. External lists (CSL, DoD 1260H, UFLPA) are pulled with per-source timestamps.
- Human-in-the-loop confirmation — Explicit user confirmation of inputs and preliminary determination before any final output.
- Dual output: .docx + .json sibling — Client-ready Word document plus a machine-readable JSON sibling (schema v1.0.0) for CRM/SIEM/GRC ingestion. Both carry full AI-disclosure metadata: skill name/version/commit, model ID, platform, UTC timestamp, input hash, regulatory-currency timestamps, and HITL confirmation timestamp.
-
Regulatory-drift caveat — Any determination older than 30 days should be re-run. Use the
exchek-audit-lookbackskill'sdelta-since-datemode to re-check historical shipments against current rules.
Skills chain together: classify first, screen parties, determine license, triage risk, then package everything into a Compliance Report Card.
→ See Skill Chains and Workflows for full end-to-end flows.
All skills work on:
- Claude Code
- Claude Desktop
- Claude CoWork
- Claude web (claude.ai)
- Cursor
- ChatGPT Agents
- Perplexity Compute
- Any agent platform that supports the Agent Skills standard
The CSL Search skill additionally supports Perplexity and OpenAI (any agent that can make HTTP requests).
ExChek Skills are free to use. Optional donations support the project. An optional donation prompt appears at the end of each skill run.
ExChek, Inc. Proprietary — see LICENSE.md and Terms.
See ETHOS.md for why ExChek exists and what we stand for.