← 返回 Skills 市场
npc7

AMLClaw

作者 npc7 · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
294
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install amlclaw
功能描述
AI-powered crypto AML compliance toolkit. Screens blockchain addresses against 40+ international regulations, generates compliance policies, and creates mach...
使用说明 (SKILL.md)

AMLClaw — AI-Powered Crypto AML Compliance

You are an Expert AML Compliance Agent. This skill provides three modes: Screen addresses, Generate rules, and Create policies. All work out of the box with included defaults.

Quick Start

pip install requests python-dotenv
cp amlclaw/defaults/rulesets/singapore_mas.json ./rules.json
python3 amlclaw/scripts/run_screening.py Tron \x3CADDRESS> --scenario deposit --inflow-hops 3 --outflow-hops 3

Capabilities Overview

Mode Command Description
Screen python3 amlclaw/scripts/run_screening.py ... Screen blockchain addresses against compliance rules
Rules Interactive rule generation Create/edit machine-readable AML detection rules
Policy Generate from rules.json Create formal compliance policy documents

Out-of-the-Box Defaults

AMLClaw ships ready to use:

  • 3 Regional Rulesets: defaults/rulesets/singapore_mas.json, hong_kong_sfc.json, dubai_vara.json
  • 3 Compliance Policies: defaults/policies/singapore_mas.md, hong_kong_sfc.md, dubai_vara.md
  • 40+ Reference Documents: FATF recommendations, MAS/SFC/VARA guides, OFAC/UN sanctions in references/
  • TrustIn Label Taxonomy: references/trustin-labels.md — all valid tag categories

Mode 1: Address Screening

Parameter Gathering

Collect from the user (assume defaults if not specified):

Parameter Required Default Description
Chain Yes Tron, Ethereum, Bitcoin, Solana
Address Yes Blockchain wallet address
Scenario No all Business context filter (see table below)
Direction No Auto from scenario inflow, outflow, or all
Inflow Hops No 3 Depth of inflow trace (1-5)
Outflow Hops No 3 Depth of outflow trace (1-5)
Max Nodes No 100 Branching factor per hop (max 1000)
Time Window No Last 4 years --min-timestamp / --max-timestamp in ms

Scenario Reference

Scenario Rules Applied Default Direction Use Case
onboarding Deposit all KYC checks on new addresses
deposit Deposit all Screen fund sources + outflow history
withdrawal Withdrawal outflow Screen outgoing fund destinations
cdd CDD all Customer Due Diligence thresholds
monitoring Ongoing Monitoring all Continuous structuring/smurfing alerts
all ALL categories all Full comprehensive scan (default)

Pre-flight: Rules Check

Before running, check for ./rules.json in the working directory.

  • If found: Proceed with screening.
  • If missing: Do NOT block. Instead, auto-copy the closest regional default: 
    cp amlclaw/defaults/rulesets/singapore_mas.json ./rules.json
    Inform the user which default was loaded and continue.

Execution

python3 amlclaw/scripts/run_screening.py \x3CChain> \x3CAddress> \
  --scenario \x3Cscenario> \
  --inflow-hops \x3CN> --outflow-hops \x3CN> \
  --max-nodes \x3CN>

Examples:

# Deposit screening
python3 amlclaw/scripts/run_screening.py Tron THaUuZZ... --scenario deposit --inflow-hops 5 --outflow-hops 5

# Withdrawal screening
python3 amlclaw/scripts/run_screening.py Ethereum 0xABC... --scenario withdrawal --outflow-hops 3

# Full scan
python3 amlclaw/scripts/run_screening.py Tron THaUuZZ... --scenario all

Report Generation

After the script completes:

  1. Read prompts/evaluation_prompt.md for report format instructions
  2. Read the generated ./graph_data/risk_paths_\x3Caddress>_\x3Ctimestamp>.json
  3. Cross-reference against ./rules.json
  4. Write the Markdown audit report to ./reports/aml_screening_\x3Caddress>_\x3Ctimestamp>.md
  5. Give the user a 2-3 sentence Executive Summary with risk score and key findings

Core Directive: Never hallucinate risk data. Use only nodes, paths, and tags from the JSON graph.

Mode 2: Rule Generation

Input Options

Present these to the user:

  1. Manual Input — Type or paste rule descriptions directly
  2. Document Analysis — Read policy documents from references/ folder
  3. Web Search — Search for latest regulations on a topic
  4. Load Default — Copy a regional ruleset (Singapore MAS, Hong Kong SFC, Dubai VARA)

Rule Categories

Every rule belongs to exactly one category:

Category Business Meaning Condition Type
Deposit Address risk: inflow sources, outflow history, self-tags path.node.*, target.tags.*
Withdrawal Outflow risk: destination paths, self-tags path.node.*, target.tags.*
CDD Transaction threshold triggers path.amount
Ongoing Monitoring Continuous surveillance (structuring) target.daily_*

Rule Structure

Rules follow schema/rule_schema.json. Key fields:

  • rule_id: Unique identifier (e.g., SG-DPT-DEP-SEVERE-001)
  • category: One of the 4 categories above
  • direction: "inflow" or "outflow" (optional, omit for direction-agnostic)
  • min_hops / max_hops: Hop distance range (optional)
  • conditions: Array of conditions (AND logic)
  • risk_level: Severe, High, Medium, Low
  • action: Freeze, EDD, Flag, Allow

Tag values MUST match TrustIn taxonomy exactly — see references/trustin-labels.md.

Hop-Based Risk Tiering (Pollution Decay)

  • Hop 1 (direct) → Severe/Freeze
  • Hop 2-3 (near) → Severe/Freeze or High/EDD
  • Hop 4-5 (far) → High/EDD (reduced severity)

Validation

After every save to rules.json, run:

python3 amlclaw/scripts/validate_rules.py rules.json

Rule CRUD

Support these operations conversationally:

  • List: Show current rules in Markdown table
  • Add: Extract from text/docs/search → present → confirm → append
  • Update: Modify specific rule fields
  • Delete: Remove by rule_id

Mode 3: Policy Generation

Generate a formal AML compliance policy document from rules.json.

Workflow

  1. Read ./rules.json
  2. Transform rules into a professional compliance document:
    • Executive summary
    • Regulatory framework and jurisdiction
    • Risk categories and thresholds
    • Required procedures (KYC, CDD, EDD, STR filing)
    • Monitoring requirements
    • Escalation procedures
  3. Output as Markdown — offer to save as ./aml_policy.md

Default Policies

Pre-built policy documents are available in defaults/policies/:

  • singapore_mas.md — MAS PSN02/PSN08 compliance
  • hong_kong_sfc.md — SFC AMLO/AML Guidelines
  • dubai_vara.md — VARA Compliance & Risk Management Rules

These can be used as templates or delivered directly.

API Configuration

TrustIn KYA API powers the blockchain data retrieval.

Mode API Key Data Quality
Free (default) Not required Desensitized/masked addresses — sufficient for testing and development
Full Required Complete unmasked data — for production compliance
  • Get a free key: trustin.info
  • Set via environment: export TRUSTIN_API_KEY=your_key
  • Set via flag: --api-key your_key (on fetch_graph.py)
  • Or: Add to .env file in working directory

References

The references/ folder contains 40+ regulatory documents:

  • fatf/ — FATF 40 Recommendations, VA/VASP Guidance, Travel Rule
  • singapore/ — MAS DPT compliance guide
  • hongkong/ — SFC AML compliance guide
  • dubai/ — VARA compliance guide
  • sanctions/ — OFAC, FATF high-risk jurisdictions, UN sanctions
  • trustin-labels.md — Complete TrustIn tag taxonomy (required for rule authoring)

Limitations

  • Single address per screening run (no batch)
  • No real-time monitoring — point-in-time assessment
  • Supported chains: Tron, Ethereum, Bitcoin, Solana (TrustIn coverage)
  • OR logic in rules requires separate rule entries
  • Generated policies are templates, not legal advice
安全使用建议
This repo appears to be a plausible AML screening toolkit, but take these precautions before installing or running it: - Review scripts/trustin_api.py and scripts/run_screening.py to confirm what external endpoints are called and what data they send. Network calls to third-party services are core to function but you should be sure you trust the endpoint. - Because README/SKILL.md mention TRUSTIN_API_KEY and .env, expect the code to accept an API key; the registry metadata did not declare it — treat any API key as sensitive and only provide it after code review. - Back up or inspect any existing ./rules.json before running: the skill will auto-copy a default ruleset into the working directory which can overwrite local configuration. - Verify provenance: 'source: unknown' and no homepage reduce supply-chain confidence. If possible, prefer installing from a verified upstream repository or run the code in an isolated/sandbox environment first. - If you plan to use it with real customer or production data, have a compliance/security engineer audit the code (especially network code and any logging) to ensure no accidental exfiltration of PII or secrets. If you want, I can (1) list the exact files and functions to inspect for network/callouts, (2) summarize what scripts/trustin_api.py appears to do, or (3) show how to run the tool in a safe sandboxed environment.
功能分析
Type: OpenClaw Skill Name: amlclaw Version: 2.0.0 The amlclaw skill bundle is a comprehensive toolkit for crypto AML compliance, providing blockchain address screening and policy generation. The Python scripts (scripts/fetch_graph.py, scripts/extract_risk_paths.py, and scripts/trustin_api.py) interact with the TrustIn KYA API to retrieve and analyze transaction graphs against structured regional rulesets. The code logic is transparent, well-documented, and strictly aligned with the stated purpose; no evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
能力评估
Purpose & Capability
Name, description, SKILL.md, rulesets, policies, and Python scripts all match an AML/compliance screening toolkit: screening addresses, generating rules, and producing policies. The included defaults and large regulatory reference set are coherent with the stated purpose. Minor provenance concern: registry lists 'source: unknown' and no homepage even though README references a GitHub repo.
Instruction Scope
Runtime instructions direct the agent to run local Python scripts, read/write rules.json, read large reference documents, and generate reports — all expected for this skill. The SKILL.md also allows WebSearch and instructs copying a default ruleset into the working directory (which may overwrite an existing ./rules.json). The SKILL.md explicitly mentions TrustIn KYA API usage (desensitized data by default) and advises setting TRUSTIN_API_KEY for full data; however the registry metadata does not declare any required env vars. That mismatch (code/README/SKILL.md referencing an API and .env while registry declares no creds) is notable.
Install Mechanism
No formal install spec in the registry (instruction-only), but files include requirements.txt and the Quick Start recommends pip install requests and python-dotenv. Absence of a registry-level install step is low technical risk but surprising; users should manually inspect requirements.txt and the Python scripts prior to running. No remote binary downloads or obscure URLs were shown in the manifest.
Credentials
Registry declares no required environment variables or primary credential, yet README and SKILL.md reference an optional TRUSTIN_API_KEY and use of a .env (python-dotenv). The codebase contains scripts/trustin_api.py which likely makes network calls to TrustIn endpoints; this implies optional credential usage and network I/O not declared in the registry metadata. The undeclared potential for network calls and optional API key means environment/credential access is under-specified and should be verified before use.
Persistence & Privilege
Skill is not set to always:true and does not request elevated system persistence. Instructions only write/overwrite files under the skill workspace (e.g., copying defaults/rulesets to ./rules.json, writing ./reports/). No evidence of modifying other skills or system-wide config in the provided files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install amlclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /amlclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Unified skill: Screen addresses, generate rules, create policies. Ships with 40+ regulations, 3 rulesets, 3 policies. TrustIn API key optional.
元数据
Slug amlclaw
版本 2.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

AMLClaw 是什么?

AI-powered crypto AML compliance toolkit. Screens blockchain addresses against 40+ international regulations, generates compliance policies, and creates mach... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。

如何安装 AMLClaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install amlclaw」即可一键安装,无需额外配置。

AMLClaw 是免费的吗?

是的,AMLClaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

AMLClaw 支持哪些平台?

AMLClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 AMLClaw?

由 npc7(@npc7)开发并维护,当前版本 v2.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论