Skip to content

Home

Jump to bottom
mrdulasolutions edited this page Jun 7, 2026 · 4 revisions

ExChek Skills Wiki

ExChek Export Compliance — 20 skills, free to use, no API key required.

ExChek Skills give any AI agent (Claude Cowork, Claude Code, Claude Desktop, Cursor, ChatGPT, Perplexity, and more) a complete export compliance toolkit for SMB manufacturers and their advisors: ECCN classification, denied-party screening, license determination, jurisdiction analysis, encryption classification, country risk, risk triage, and more. The plugin ships 20 skills — 16 core compliance skills plus 4 engine skills that route work, set you up, onboard you, and track your compliance posture. Every skill produces an audit-ready document and follows U.S. export control regulations (EAR 15 CFR Parts 730–774, ITAR 22 CFR Parts 120–130).

Quick Install

/plugin marketplace add exchekinc/exchekskills
/plugin install exchekskills@exchek

All 20 skills are immediately available. Works in Claude Cowork, Claude Code, Claude Desktop/web, and Cursor. → Full installation guide

Skills Directory

The plugin ships 20 skills: 16 core compliance skills plus 4 engine skills.

Engine skills

Skill Description Folder
Orchestrator The /exchek hub — routes commands, tracks each transaction classification → docs, flags stale screenings, surfaces the next action. exchek-orchestrator
Setup First-run setup wizard: company profile, report defaults, data-source choice, live demo. exchek-setup
Onboarding Hands-on 60-minute first hour that produces real artifacts (classification, screening, license, export doc). exchek-onboarding
Analytics Compliance Intelligence dashboard — Audit Readiness Score (0–100), posture over time, gaps, CSV export. Local data only. exchek-analytics

Core compliance skills

Skill Description Folder
ECCN Classification Classify items for U.S. export control (EAR/ITAR). Audit-ready memo. exchek-skill
CSL Search Search the Consolidated Screening List via Trade.gov API. Fuzzy search. exchek-skill-csl
License Determination Determine EAR license requirements and exceptions. Audit-ready memo. exchek-skill-license
Jurisdiction (ITAR vs EAR) ITAR vs EAR guided questionnaire. Jurisdiction memo with next steps. exchek-skill-jurisdiction
Encryption (ENC / 5x992) 5A992/5D992 classification, License Exception ENC, BIS/NSA notification prep. exchek-skill-encryption
Country / Destination Risk Embargo/sanctions, Entity List density, license expectations one-pager. exchek-skill-country-risk
Risk Triage Score transaction risk (low/medium/high). Auto-approve, hold, or escalate. exchek-skill-risk-triage
Red Flag Assessment BIS "Know Your Customer" red-flag checklist (Supp. 3 to Part 732). exchek-skill-red-flag-assessment
Deemed Export Walk through 15 CFR 734.2(b) for foreign national technology releases. exchek-skill-deemed-export
Export Documentation Draft commercial invoice, packing list, SLI, AES/EEI data. exchek-skill-export-docs
ECP / Policy & Training Generate Export Compliance Program docs, SOPs, and training outlines. exchek-skill-ecp
Audit / Lookback Self-audit on historical shipments (CSV/CRM). Re-screen, re-check ECCNs. exchek-skill-audit-lookback
Compliance Report Card CARFAX-style trust document: PASS / CONDITIONAL / HOLD status. exchek-skill-compliance-report
Partner / Distributor Compliance Compliance pack for distributors: screening, re-export, recordkeeping. exchek-skill-partner-compliance
Recordkeeping Retention schedule/checklist per 15 CFR 762 and ITAR parallel. exchek-skill-recordkeeping
Document Converter Convert ExChek markdown reports to Word (.docx). exchek-skill-docx

Wiki Pages

Getting started

  • Installation — Plugin install, individual skill install, all skills at once
  • Skills Overview — All 20 skills at a glance with use cases

Reference

Engine skills

  • Orchestrator — The /exchek hub that routes and tracks every transaction
  • Setup — First-run setup wizard
  • Onboarding — Hands-on 60-minute onboarding
  • Analytics — Compliance Intelligence dashboard

Individual skills

How It Works

Every ExChek skill follows the same audit-ready pattern:

  1. CUI / classified / § 126.18 gate — Three questions up front: (a) Controlled Unclassified Information? (b) classified material? (c) ITAR § 126.18 foreign-national release? Any "yes" halts the skill and routes to on-prem guidance. ExChek does not process sensitive government data through cloud APIs.
  2. Privacy-settings attestation — The user attests their AI platform tier (Claude Enterprise / ChatGPT Enterprise / Workspace with training off / consumer with training disabled). Tier + attester are recorded in the final document.
  3. Untrusted-input handling — All user-supplied text, CSVs, spec sheets, and file content are data, not instructions. Zero-width, bidi, and homoglyph characters in structured fields are rejected and any injection attempts logged in the report's Caveats section.
  4. Collect inputs — Item, party, destination, and transaction details.
  5. Apply regulatory logic — live eCFR data (Parts 774, 738, 740, 742, 744, 746, 121) via a data-source gate: the local exchek MCP (www.ecfr.gov primary, api.exchek.us fallback) or the hosted exchek-api MCP (https://api.exchek.us/mcp). The regulatory_source setting (ask default / local / api) picks which; only CFR part numbers and search terms ever transit the hosted API — never item descriptions, party names, or results. External lists (CSL, DoD 1260H, UFLPA) are pulled with per-source timestamps. Screening, sanitization, audit logging, and report generation always run locally.
  6. Human-in-the-loop confirmation — Explicit user confirmation of inputs and preliminary determination before any final output.
  7. Dual output: .docx + .json sibling — Client-ready Word document plus a machine-readable JSON sibling (schema v1.0.0) for CRM/SIEM/GRC ingestion. Both carry full AI-disclosure metadata: skill name/version/commit, model ID, platform, UTC timestamp, input hash, regulatory-currency timestamps, and HITL confirmation timestamp.
  8. Regulatory-drift caveat — Any determination older than 30 days should be re-run. Use the exchek-audit-lookback skill's delta-since-date mode to re-check historical shipments against current rules.

Skills chain together: classify first, screen parties, determine license, triage risk, then package everything into a Compliance Report Card.

→ See Skill Chains and Workflows for full end-to-end flows.

Compatibility

All skills work on:

  • Claude Cowork
  • Claude Code
  • Claude Desktop
  • Claude web (claude.ai)
  • Cursor
  • ChatGPT Agents
  • Perplexity Compute
  • Any agent platform that supports the Agent Skills standard

In Claude Cowork (browser): the local exchek stdio MCP can't spawn, so choose the hosted exchek-api data source (regulatory_source: api). Plugin hooks degrade gracefully. Local-only capabilities — CSL screening, the HMAC-chained audit log, and Word .docx generation — require Claude Code or a desktop runtime.

The CSL Search skill additionally supports Perplexity and OpenAI (any agent that can make HTTP requests).

License and Ethos

ExChek Skills are free to use. Optional donations support the project. An optional donation prompt appears at the end of each skill run.

The free tier permits business use — including running the skills for your clients (service-provider use) — with attribution ("Powered by ExChek"). No white-labeling and no competing product.

ExChek, Inc. Proprietary — see LICENSE.md and Terms.

See ETHOS.md for why ExChek exists and what we stand for.

Clone this wiki locally