功能描述

MiCA compliance evidence and stablecoin risk scoring for regulated tokenized markets. 27 MCP tools with ES256K-signed responses. Use when the user explicitly...

使用说明 (SKILL.md)

FeedOracle Compliance Intelligence

Name: FeedOracle Compliance Intelligence
Author: feedoracle

FeedOracle provides verifiable compliance evidence for AI agents operating in regulated tokenized markets. Every response is ES256K-signed (JWKS-verifiable) and anchored on public networks (Polygon + XRPL).

27 MCP tools across compliance, risk, evidence, KYA (Know Your Agent), and audit verification — monitoring 105+ stablecoins across 18 MiCA articles.

MCP Server URL: https://feedoracle.io/mcp/ Auth: Free tier requires no API key (300 units/day). Optional FEEDORACLE_API_KEY for higher limits. Privacy Policy: https://feedoracle.io/privacy Trust Policy: https://github.com/feedoracle/feedoracle-mcp/blob/main/docs/TRUST_POLICY.md

Authentication

Tier	API Key?	Limits
Free	Not required	300 units/day, read-only tools
Pro	Optional `FEEDORACLE_API_KEY`	15,000 units/mo
Agent	Optional `FEEDORACLE_API_KEY`	150,000 units/mo
Enterprise	Custom	Unlimited

No environment variables are required. The free tier works without any configuration.

When to use this skill

Use this skill only when the user explicitly requests one of the following:

Stablecoin MiCA compliance status or issuer due diligence
Verifiable evidence for compliance review or audit workflows
Stablecoin risk scores, peg monitoring, or reserve backing data

This skill does NOT auto-invoke. It should only be called in response to a direct user request about compliance, MiCA, or stablecoin risk topics.

Data Handling & Privacy

What each tool sends to feedoracle.io

Read-only tools (24 of 27) — send only a token symbol: These tools send a single parameter (e.g. token_symbol: "USDC") and receive signed evidence back. No conversation content, no user data, no PII is transmitted.

Includes: compliance_preflight, mica_status, mica_full_pack, mica_market_overview, peg_deviation, peg_history, significant_issuer, interest_check, document_compliance, reserve_quality, rlusd_integrity, evidence_profile, evidence_leaderboard, evidence_bundle, custody_risk, market_liquidity, macro_risk, ai_explain, ai_provenance, kya_status, audit_query, audit_verify, ping, generate_report

ai_query — sends question text (user-initiated only): This tool sends the user's natural language question to feedoracle.io for routing to the correct evidence API. Only invoke when the user explicitly asks a compliance question. Do not send conversation history, PII, or unrelated text.

Sent	NOT sent
The specific question text	Conversation history
Optional token symbol	User identity or PII

kya_register — sends agent metadata (user-initiated only): Registers an agent identity for trust scoring. Only invoke when the user explicitly requests agent registration.

Sent	NOT sent
Agent name, purpose, org name	Conversation content
Contact email (user-provided)	User browsing data

audit_log — sends decision text (user-initiated only): Logs a compliance decision with evidence references. Only invoke when the user explicitly requests decision logging.

Sent	NOT sent
Decision (PASS/WARN/BLOCK)	Full conversation logs
Reasoning text (user-provided)	User identity or PII
Evidence request IDs	Unrelated context

Data retention

Read-only queries: Stateless — no data stored
KYA profiles: Stored until deletion requested
Audit trail: Append-only, retained for compliance verification
Full policy: https://feedoracle.io/privacy
GDPR: Operated from Germany, Art. 6(1)(b)

MCP Tools (27)

Compliance — 11 tools (read-only, sends token symbol only)

Tool	Description
`compliance_preflight`	Pre-flight PASS/WARN/BLOCK decision
`mica_status`	MiCA authorization status (ESMA/EBA cross-referenced)
`mica_full_pack`	Full 12-article MiCA evidence pack
`mica_market_overview`	Market-wide MiCA status dashboard
`peg_deviation`	Real-time Art. 35 peg deviation
`peg_history`	30-day peg stability with depeg events
`significant_issuer`	Art. 45/58 significant issuer check
`interest_check`	Art. 23/52 interest prohibition scan
`document_compliance`	Art. 29/30/55 recovery/redemption/audit
`reserve_quality`	Art. 24/25/53 reserve composition
`rlusd_integrity`	RLUSD reserve attestation

Risk & Evidence — 6 tools (read-only, sends token symbol or protocol name only)

Tool	Description
`evidence_profile`	Multi-dimensional evidence grade A-F
`evidence_leaderboard`	Top protocols by evidence grade
`evidence_bundle`	Multi-framework evidence aggregation
`custody_risk`	Custodian SIFI status, concentration risk
`market_liquidity`	DEX liquidity depth, exit channels
`macro_risk`	US macro risk composite (86 FRED series)

AI Gateway — 3 tools

Tool	Description	Data sent
`ai_query`	Natural language evidence query	Question text (user-initiated only)
`ai_explain`	Grade explanation with counterfactual	Token symbol only
`ai_provenance`	Cryptographic provenance chain	Token symbol only

KYA (Know Your Agent) — 2 tools

Tool	Description	Data sent
`kya_register`	Register agent identity (user-initiated only)	Agent metadata (name, purpose, org, email)
`kya_status`	Check trust level (read-only)	Client ID only

Audit Trail — 3 tools

Tool	Description	Data sent
`audit_log`	Log decision (user-initiated only)	Decision, reasoning, evidence IDs
`audit_query`	Query history (read-only)	Client ID only
`audit_verify`	Verify chain integrity (read-only)	Client ID only

System — 2 tools

Tool	Description	Data sent
`ping`	Connectivity test	Nothing
`generate_report`	Signed PDF report (requires API key)	Report type only

Behavior Instructions

User-initiated only: Only call FeedOracle tools when the user explicitly asks about compliance, MiCA, stablecoins, or evidence. Never auto-invoke.
Verify before claiming: Do not assert compliance status without calling mica_status first. Present data and let the user decide.
Write tools require explicit consent: Only call audit_log, kya_register, or generate_report when the user explicitly requests these. Never auto-invoke write tools.
Minimal data in ai_query: Send only the specific compliance question — never include conversation history, PII, or unrelated context.
Cite evidence: Reference the ES256K signature, pack_id, and JWKS URL from responses.
Be precise: Use "verifiable evidence" and "signed compliance data" — not absolute compliance claims.

Controlling Invocation Scope

This skill is designed to be invoked only on explicit user request. If your agent framework supports trigger configuration:

Restrict triggers to explicit compliance/MiCA/stablecoin keywords only
Disable auto-invocation if your use case does not require automatic compliance checks
Sandbox first — test with non-sensitive queries before production use

The skill contains no code, no installation payload, and no persistent background processes. All external communication is to feedoracle.io over HTTPS only.

Connection

# Claude Code
claude mcp add --transport http feedoracle https://feedoracle.io/mcp/

# Claude Desktop (claude_desktop_config.json)
{
  "mcpServers": {
    "feedoracle": {
      "url": "https://feedoracle.io/mcp/"
    }
  }
}

Error Handling

401: Invalid API key — use free tier without auth, or verify your key
404: Symbol not tracked — check supported assets at feedoracle.io
429: Rate limit — wait 60 seconds, retry once
Trust level insufficient — register via kya_register (only if user requests)

API keys: feedoracle.io/pricing | Docs: github.com/feedoracle/feedoracle-mcp

安全使用建议

This skill appears to do what it says: it calls feedoracle.io endpoints and returns signed evidence. Before installing, confirm you are comfortable with queries being sent to an external service (feedoracle.io). Do not include PII or sensitive conversation history in user questions, agent registration, or audit entries — the skill documents that such data should not be sent but will accept whatever the agent/user supplies. If you require strict prevention of autonomous calls, either change platform settings to disable model invocation for this skill or verify that your agent honors the SKILL.md 'user-request-only' policy. Optionally verify the service's JWKS URL and trust policy (links in README) before relying on cryptographic evidence. Minor notes: docs include a small version mismatch (SKILL.md v1.2.2 vs registry v1.2.3) and README references an npx install path despite there being no install spec here — these are documentation inconsistencies worth confirming with the publisher but do not indicate malicious behavior.

功能分析

Type: OpenClaw Skill Name: feedoracle-compliance Version: 1.2.3 The skill bundle provides a configuration and instruction set for an AI agent to interact with the FeedOracle MCP server (feedoracle.io) for MiCA compliance and stablecoin risk data. It contains no executable code and includes explicit, defensive instructions for the agent to protect user privacy, such as forbidding the transmission of conversation history or PII and requiring explicit user consent before invoking 'write' tools or registration functions (SKILL.md). The behavior is well-documented and strictly aligned with the stated purpose of providing verifiable compliance evidence.

能力评估

✓ Purpose & Capability

Name/description match the runtime behavior: it queries feedoracle.io MCP endpoints for MiCA/stablecoin evidence. Declared required binary (curl) and optional FEEDORACLE_API_KEY align with the described API-based workflow. No unrelated credentials, binaries, or config paths are requested.

ℹ Instruction Scope

SKILL.md clearly restricts what is sent: read-only tools send only a token symbol, ai_query sends only the explicit question text, and user-initiated tools (kya_register, audit_log) send agent metadata or decision text. This scope is appropriate for the stated purpose. Caveat: because this is instruction-only, accidental inclusion of PII or conversation context in user-supplied questions or decision text remains possible — the skill relies on the agent (and user) to follow the guidance.

✓ Install Mechanism

No install spec or downloaded code — instruction-only skill. This is the lowest-risk install posture; nothing is written to disk by the skill package itself.

✓ Credentials

No required environment variables are declared. An optional FEEDORACLE_API_KEY is documented for higher rate limits, which is proportionate to the advertised tiers. There are no unexplained SECRET/TOKEN requirements.

ℹ Persistence & Privilege

Skill metadata uses default platform settings (user-invocable true, disable-model-invocation false) which permit autonomous invocation, but the SKILL.md repeatedly instructs the agent not to auto-invoke and to call the tool only on explicit user requests. This is a minor inconsistency between runtime guidance and platform invocation defaults — not itself malicious, but worth confirming with host policy or turning off autonomous invocation if you require enforced user-only calls.

版本历史

v1.2.3

feedoracle-compliance 1.2.3 - README.md updated; no changes to code or SKILL.md. - No functional or behavioral changes in this release.

v1.2.2

**Summary:** Tightened invocation rules, clarified privacy, and reduced automatic triggers. - Skill now requires explicit user requests for compliance, MiCA, or stablecoin evidence; auto-invocation is disabled. - SKILL.md updated with a stricter usage policy and clearer data handling details. - Authentication section simplified; API key is now fully optional, environment variables no longer required. - Tool descriptions now specify exactly what data is sent; most tools transmit only a token symbol. - Behavioral guidelines added: only use write tools (e.g. audit_log, kya_register) on explicit user instruction, never send conversation or PII. - Skill description and overview are more concise and focused on privacy and controlled usage.

v1.2.1

feedoracle-compliance v1.2.1 - Clarified that the FEEDORACLE_API_KEY environment variable is now optional, not required for free tier usage. - Added detailed authentication model table describing API key requirements and available tiers. - Improved privacy and data handling documentation, including exactly what data is sent and stored by each tool category. - Updated tool list to specify which tools are read-only and which require explicit user initiation (e.g., KYA registration, audit logging). - Refined usage instructions: clarified that agent identity registration and decision logging may only be invoked upon explicit user request. - Minor text and formatting updates for clarity and compliance.

v1.2.0

feedoracle-compliance v1.2.0 - Added agent identity (KYA) and trust score workflows, enabling agent registration and trust status checks. - Introduced tamper-proof audit logging and verification tools for decision traceability. - Expanded from 5 to 27 MCP tools, covering compliance, risk, evidence, KYA, and audit functions. - Enhanced cryptographic assurance: all responses now use ES256K signatures (JWKS-verifiable). - Updated error handling and authentication options, with free tier (no auth) now available. - Documentation now includes detailed tool descriptions, trust level info, and connection instructions.

v1.1.1

- Updated SKILL.md to clarify network anchoring is on "public networks (Polygon + XRPL)" instead of just "on-chain". - Streamlined compliance evidence language to emphasize independently checkable, replayable regulatory proof. - Added/updated guidance on evidence sourcing, audit, and workflow precision. - Minor adjustments to error and onboarding instructions (e.g. phrasing of API key availability).

v1.1.0

feedoracle-compliance v1.1.0 - Expanded skill description and usage triggers for greater clarity and broader coverage of compliance, audit, and due diligence scenarios. - Enhanced endpoint documentation to highlight cryptographic signatures, audit trails, and independent verification features. - Added explicit guidance for referencing evidence (Polygon TX hash, ECDSA signature) and using precise compliance terminology. - Clarified error handling instructions and updated compliance workflow best practices. - Updated and restructured the documentation for easier use in audit and regulatory contexts.

v1.0.1

- Documentation update only; no changes to functionality or endpoints. - README.md clarified skill usage, endpoint examples, and error handling. - Improved instructions for when to trigger the skill and how to handle audit evidence. - No code changes; version and API details remain the same.

v1.0.0

Initial release of FeedOracle Compliance Intelligence. - Provides MiCA compliance and stablecoin risk scoring for EUR/USD-pegged tokens. - Offers real-time verification of stablecoin issuers against ESMA/EBA registers. - Returns macroeconomic indicators relevant to crypto regulation (e.g., ECB rates, FRED data). - Supplies audit-grade, on-chain verifiable evidence for compliance audits. - Includes endpoints for stablecoin risk, MiCA status, issuer registry lookup, macro data, and signed evidence bundles.

元数据

Slug feedoracle-compliance

版本 1.2.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 8

常见问题