Retrospective Audit / Lookback skill (exchek-audit-lookback)

The ExChek retrospective audit / lookback skill runs a self-audit on historical shipments or transactions. You provide a CSV or CRM export; the skill guides re-screening of parties (e.g. via ExChek CSL skill or your screening tool) and re-check of ECCNs and license determinations against today's rules, then produces a self-audit report with findings, risk rating, and remediation suggestions. The skill does not perform classification, screening, or license determination—it consumes historical data and (optionally) current screening results and produces the report. No API key required. Free; optional donation.

What you need

• Skill installed — Copy the exchek-audit-lookback folder from the exchekskills repo into your agent's skills directory. See Install the ExChek skills.
• Historical data — CSV or CRM export with at least: transaction/shipment ID, date, party name(s) (consignee or end user), ECCN, destination country. Optional: end use, license/exception, screening result at time.
• Re-screening (optional but recommended) — After the skill extracts unique parties, you re-screen them (e.g. with exchek-csl or your tool) and provide current results so the report can flag "party now on list" or "re-screen recommended."

How to use

1. Install the skill — From the exchekskills repo, copy exchek-audit-lookback into your agent's skills path (e.g. ~/.claude/skills/exchek-audit-lookback):

   git clone https://github.com/mrdulasolutions/exchekskills exchekskills && cp -r exchekskills/exchek-audit-lookback ~/.claude/skills/exchek-audit-lookback
2. Ask for a lookback or self-audit — Say things like:
   • "Audit my historical shipments"
   • "Lookback on last year's exports"
   • "Re-screen parties from this CSV"
   • "Self-audit report for these transactions"
   • "Flag where controls or licensing might be wrong now"
3. Provide your CSV or CRM export — The agent will parse it and confirm column mapping if headers differ from the expected names (transaction ID, date, party, ECCN, destination). It will summarize scope: date range, number of transactions, number of unique parties.
4. Re-screen path — The agent extracts unique parties and asks you to re-screen them (exchek-csl or your tool) and provide current results (pasted or file). It then merges results and builds screening-related findings (new hit, re-screen recommended, no change).
5. Get the self-audit report — The agent fills the Self-Audit Report template: scope, findings table (screening / ECCN re-check / license re-check), overall risk rating, remediation summary, AI disclosure. You can save as Markdown and optionally as Word (.docx) or Apple Pages.

What the skill does not do

The skill does not perform classification, screening, or license determination. It does not call the CSL API or classification/license APIs. It consumes your historical data and (optionally) current screening results, flags where re-classification or re-run license determination is recommended, and produces the self-audit report. Final compliance decisions and remediation are your responsibility.

CUI and classified information

If the item or any information involves Controlled Unclassified Information (CUI) or classified information, do not use cloud APIs or LLMs. Run the skill on-premises with a local LLM. See CUI / Classified Information.