← 返回 Skills 市场
mcp-sanctions-check
作者
HaveBlue997
· GitHub ↗
· v1.0.0
· MIT-0
114
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install mcp-sanctions-check
功能描述
Check names against the OFAC SDN (Specially Designated Nationals) sanctions list via MCP. Downloads and caches official SDN CSV, auto-refreshes every 24h. Ca...
安全使用建议
This skill appears coherent and implements an OFAC SDN name-checker that downloads the official CSV and caches it locally. Before installing or running it: 1) confirm the npm package name and publisher you will fetch with npx (SKILL.md uses @vbotholemu/mcp-sanctions-check, README references @velocibot — verify which is correct on npm and who the publisher is); 2) be aware npx will download and execute code from the npm registry at runtime — run in an isolated environment if you cannot verify the package; 3) the tool caches data in the OS temp directory (ofac-sdn-cache.csv) and refreshes every 24h; if you need to override the source CSV you can set SDN_URL (undocumented in SKILL.md); and 4) review the package on the npm registry (publisher, versions, recent changes) or inspect the included source before trusting it in production.
功能分析
Type: OpenClaw Skill
Name: mcp-sanctions-check
Version: 1.0.0
The skill provides a legitimate utility for screening names against the official US Treasury OFAC SDN sanctions list. The code (src/index.ts) downloads the official CSV from treasury.gov, caches it in the system's temporary directory, and performs local token-based matching. There is no evidence of data exfiltration, unauthorized network calls, or malicious execution logic.
能力评估
Purpose & Capability
Name, description, SKILL.md, README, package.json and the included source all describe and implement the same functionality: download OFAC SDN CSV, cache it, token-match names, optional country filter, and expose an MCP tool. Required binary (npx) is reasonable given the suggested MCP config using npx.
Instruction Scope
Runtime instructions only direct the agent to run the MCP server via npx and call the check_sanctions tool. The SKILL.md does not instruct reading unrelated files or accessing credentials. The code reads/writes the cache file in the OS temp directory and performs HTTPS GETs to the OFAC URL only.
Install Mechanism
There is no install spec in the skill bundle; SKILL.md recommends launching via npx (npx -y @vbotholemu/mcp-sanctions-check). Using npx will fetch the package from the npm registry at runtime — this is expected but worth noting because it downloads and runs remote code. The SDN download URL is the official treasury.gov CSV (no suspicious endpoints).
Credentials
The skill declares no required env vars, which matches its behavior. The code does accept an override via process.env.SDN_URL (not documented in SKILL.md) — a non-sensitive override but it is an undeclared environment option. No credentials or secret-env-vars are requested.
Persistence & Privilege
The skill writes a cache file to the system temp directory only (CACHE_FILE in os.tmpdir) and refreshes every 24h. It does not request permanent agent-wide privileges or set always:true. It uses the MCP stdio transport (local IPC) — no persistence or elevated privileges observed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mcp-sanctions-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/mcp-sanctions-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
常见问题
mcp-sanctions-check 是什么?
Check names against the OFAC SDN (Specially Designated Nationals) sanctions list via MCP. Downloads and caches official SDN CSV, auto-refreshes every 24h. Ca... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 114 次。
如何安装 mcp-sanctions-check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mcp-sanctions-check」即可一键安装,无需额外配置。
mcp-sanctions-check 是免费的吗?
是的,mcp-sanctions-check 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
mcp-sanctions-check 支持哪些平台?
mcp-sanctions-check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 mcp-sanctions-check?
由 HaveBlue997(@haveblue997)开发并维护,当前版本 v1.0.0。
推荐 Skills