FAQ
Common questions about ExChek Skills.
Q: Are ExChek Skills free?
Yes. All 16 skills are free to use with no API key required (except CSL Search, which uses a free Trade.gov key). At the end of each skill run, there's an optional donation prompt — you can skip it with "Just trying."
Q: Do I need an Anthropic subscription to use these?
ExChek Skills work with Claude Code (free tier included), Claude Desktop, Claude CoWork, and Claude web. They also work on Cursor, ChatGPT Agents, Perplexity Compute, and any agent platform supporting the Agent Skills standard.
Q: Can I use these on any AI agent, or only Claude?
Any agent that supports the Agent Skills open standard can use ExChek Skills. Claude agents have the richest experience (file access, document converter, CRM integration), but the skills also work on ChatGPT Agents, Perplexity Compute, Cursor, and others.
Q: How do I install the skills?
See the Installation page. The quickest way:
/plugin marketplace add github:exchekinc/exchekskills
/plugin install exchekskills
Q: How do I update the skills?
Plugin users: /plugin update exchekskills
Manual install users: cd /path/to/exchekskills && git pull && cp -r skills/* ~/.claude/skills/
Q: What regulations do the skills cover?
- EAR: 15 CFR Parts 730–774 (Commerce Control List, Country Chart, License Exceptions, end-use controls, embargoes)
- ITAR: 22 CFR Parts 120–130 (USML jurisdiction — the Jurisdiction skill; ECCN Classification handles USML review)
- Encryption: 15 CFR Part 742 § 742.15, Part 740 § 740.17 (ENC)
- Deemed export: 15 CFR § 734.2(b)
- Recordkeeping: 15 CFR Part 762, 22 CFR Part 122
Q: Can the skills replace my export compliance attorney?
No. Every skill includes a compliance disclaimer. The skills produce assistive analysis and documents. Final classification, license determinations, and compliance decisions are your responsibility and that of your legal or compliance counsel. For high-stakes or ambiguous situations, always consult counsel.
Q: How current is the regulatory data?
Skills call the ExChek API at runtime, which pulls from live eCFR data. If the API is unavailable, skills fall back to eCFR directly. Regulatory data is current as of the time the skill runs. Every report records the exact UTC pull timestamp and which lists/parts were queried, so you can audit what the determination was based on.
Q: How long are determinations valid?
Any determination older than 30 days should be re-run before reliance. Export controls change frequently (Entity List updates, OFAC actions, AC/S IFRs, USML revisions, GL issuances). Use the exchek-audit-lookback skill's delta-since-date mode to re-check historical shipments against current rules without redoing the full workup.
Q: What is the JSON sibling output?
Every skill produces two files: the client-ready .docx and a structured .json sibling (schema v1.0.0) with the same determinations, citations, and metadata in parseable form. The JSON is designed for CRM/SIEM/GRC ingestion — pipe it into Salesforce, ServiceNow, Splunk, or your own compliance dashboard.
Q: How do skills handle untrusted content (pasted emails, CSV rows, spec sheets)?
All user-supplied content is treated as data, never instructions. Skills reject zero-width characters, bidi overrides, and homoglyph tokens in structured fields (party names, ECCNs, paths, URLs). Any attempt to override the CUI gate, privacy-settings confirmation, or HITL gate via embedded instructions is refused and logged in the report's Caveats section.
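An added example, not ExChek's own code: one way to implement the structured-field checks described above in Python. The function name `check_field`, the field kinds, the character sets and the base-ECCN pattern (no subparagraph suffix) are assumptions of this example.

```python
import re
import unicodedata

# Character sets are this example's choice, not ExChek's published list.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069")
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")
# Base ECCN shape: category digit, product group A-E, three digits; or EAR99.
ECCN_RE = re.compile(r"(?:[0-9][A-E][0-9]{3}|EAR99)\Z")


def script_of(ch):
    """Script of a letter, read from its Unicode name; None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return next((s for s in SCRIPTS if name.startswith(s)), "OTHER")


def check_field(kind, value):
    """Return findings for one structured field; an empty list means clean."""
    findings = []
    for i, ch in enumerate(value):
        if ch in ZERO_WIDTH:
            findings.append(f"zero-width U+{ord(ch):04X} at index {i}")
        elif ch in BIDI_CONTROLS:
            findings.append(f"bidi control U+{ord(ch):04X} at index {i}")
    if kind == "eccn":
        # Short codes get an ASCII allowlist: a fully substituted token
        # (every letter Cyrillic) would pass a mixed-script test.
        if not ECCN_RE.match(value):
            findings.append("eccn is not in ASCII ECCN form")
        return findings
    # Free-text fields may be legitimately non-Latin, so flag only tokens
    # that mix scripts, the usual shape of a look-alike substitution.
    for token in value.split():
        scripts = sorted({s for s in map(script_of, token) if s})
        if len(scripts) > 1:
            findings.append(f"mixed-script token {token!r}: {scripts}")
    return findings


# Constructed sample inputs.
SAMPLES = [("party_name", "Acme Trading GmbH"), ("party_name", "\u0410cme Ltd"),
           ("party_name", "Ac\u200bme"), ("eccn", "5A002"), ("eccn", "5\u0410002")]

if __name__ == "__main__":
    for kind, value in SAMPLES:
        print(kind, ascii(value), check_field(kind, value) or "clean")
```

The mixed-script test is a heuristic: it leaves a party name written entirely in one non-Latin script alone, which is why the ECCN field uses a strict ASCII pattern instead.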
Q: Do skills ask for confirmation before producing output?
Yes. Every skill has an explicit human-in-the-loop (HITL) confirmation step. You must confirm inputs and the preliminary determination before the skill generates the final .docx + .json. The confirmation timestamp is recorded in the report.
Q: What is the Order of Review and why does it matter?
The Order of Review (Supplement No. 4 to 15 CFR Part 774) is the sequence BIS prescribes for determining whether an item requires a license. It ensures you check the CCL in the right order (600 series first, then 9x515, then specific ECCNs, then EAR99). The ECCN Classification skill applies this order automatically.
Q: What if my item might be on the USML?
Run the Jurisdiction skill first. It answers "ITAR or EAR?" before you classify. If the result is ITAR, contact DDTC or run USML classification for the applicable category. If uncertain, the skill recommends a Commodity Jurisdiction (CJ) request per 22 CFR § 120.4.
Q: The CSL Search skill requires an API key. Where do I get one?
From developer.trade.gov — free, takes about 5 minutes. Sign in, subscribe to Data Services Platform APIs, and copy your key from your Profile.
Q: Does a "no hits" CSL result mean the party is completely cleared?
No. The CSL covers 11 federal lists but not every restricted party. A no-hits result means the party did not appear on the CSL at the time of search — it does not guarantee compliance. Always combine screening with the Red Flag Assessment and document the screening date and result.
Q: How often should I re-screen parties?
Best practice: at transaction initiation, at shipment, and periodically for ongoing relationships. The Audit / Lookback skill can help re-screen historical parties from a CSV.
Q: Why does the skill produce a .docx instead of a PDF?
.docx is editable — you or your team can complete certification fields, add signatures, and customize before filing. Convert to PDF from Word when you need a final signed copy.
Q: Do I need Node.js for the Document Converter?
Yes. The converter script runs in Node.js. If Node.js is not installed or the converter is unavailable, skills output the full report in chat and you can copy it into Word.
Q: On Claude web, why does the skill output the report in chat instead of saving a file?
Claude web doesn't have access to your local file system. Skills detect the environment and fall back to in-chat output. Copy the report into Word or use your browser's export to PDF feature to save it.
Q: Can I use ExChek Skills with classified information?
No. Cloud-based AI agents must not be used with classified information. Every skill begins with a three-question gate: (1) CUI? (2) classified? (3) ITAR § 126.18 foreign-national release? Any "yes" halts the skill and routes to on-prem guidance. See CUI and Classified Information for on-prem setup.
Q: What counts as CUI for this purpose?
CUI includes ITAR-controlled technical data (22 CFR Part 121), export-controlled technical data with CUI markings, and program-specific CUI under a government contract. When in doubt, treat it as CUI and use on-prem. See CUI and Classified Information.
Q: Why does the skill ask about a donation?
ExChek is free, and optional donations keep it that way. At the end of each skill run, you'll see three options: donate now, donate later, or just trying. You can always skip it.
Q: How do I donate?
Say "I'll donate now" at the end of a skill run. The skill checks your payment method (wallet/USDC) and helps you send. Or visit https://docs.exchek.us for donation address details.
Q: I found a bug or the skill gave incorrect regulatory output. How do I report it?
Open an issue at github.com/exchekinc/exchekskills/issues or email matt@exchek.us.
Q: Where can I read more about ExChek?
- Website: https://exchek.us
- Docs: https://docs.exchek.us
- API reference: https://docs.exchek.us/docs/api-reference
- Changelog: https://docs.exchek.us/docs/changelog