← 返回 Skills 市场

MistTrack Skills

Name: MistTrack Skills
Author: misttrack

作者 MistTrack · GitHub ↗ · v0.2.12 · MIT-0

cross-platform ✓ 安全检测通过

307

总下载

当前安装

版本数

在 OpenClaw 中安装

/install misttrack-aml-skills

功能描述

Cryptocurrency address risk analysis, AML compliance checks, and on-chain transaction tracing using the MistTrack OpenAPI. MistTrack is an anti-money launder...

安全使用建议

This skill is coherent with its described purpose, but take these precautions before installing or enabling it in an agent pipeline: - Verify source: registry metadata in the package header claims unknown source/homepage while embedded metadata/README reference a GitHub repo — confirm the canonical repository (and review it) before trusting the package. - Prefer using MISTTRACK_API_KEY (read-only) for routine checks. Do not provide private keys unless you intentionally need on-chain signing. - If you must use x402 payments: store the private key in a file with strict permissions (chmod 600) and pass it only via --key-file when running pay.py; avoid placing private keys in environment variables or command-line args. The package already refuses X402_PRIVATE_KEY env var and enforces a $1 USDC hard cap per call, but these mitigations do not eliminate risk if the agent autonomously calls pay.py with a key file. - On agent platforms: ensure the payment sub-skill is not invoked autonomously (platforms that honor disable_model_calls can block it; others may not). Never enable automated "--auto" payment flows in production. - Audit the scripts before running in production (they perform network calls to https://openapi.misttrack.io and signing operations). Run them in an isolated/test account first to validate behavior and rate limits. If you want, I can: (1) point out exactly where pay.py enforces the $1 cap and where it checks/refuses an env var, (2) search the code for any other network endpoints, or (3) produce a minimal checklist you can follow when enabling this skill in an automated wallet pipeline.

功能分析

Type: OpenClaw Skill Name: misttrack-aml-skills Version: 0.2.12 This skill bundle provides a comprehensive toolkit for cryptocurrency AML analysis and transaction tracing via the MistTrack API. It includes scripts for risk scoring, address investigation, and multisig analysis across multiple blockchains (BTC, ETH, TRX, etc.). While `scripts/pay.py` enables on-chain USDC payments using the x402 protocol, it implements robust security controls, including a hard-coded $1.00 USDC per-call cap and a strict requirement for file-based private key input (explicitly refusing environment variables to prevent accidental exposure). The documentation (SKILL.md, skills/payment.md) clearly flags these high-risk capabilities and includes a `disable_model_calls` directive to prevent unauthorized autonomous execution by agents. No evidence of malicious intent, data exfiltration, or obfuscation was found.

能力评估

ℹ Purpose & Capability

The name/description (MistTrack AML + on-chain tracing) aligns with what the code does: the scripts call openapi.misttrack.io for risk_score/address_labels and include an optional pay.py to perform x402 EVM/Solana signing. One minor inconsistency: registry-level metadata in the submission header lists source/homepage as unknown/none, while metadata.json/README claim a GitHub origin — verify the real source before trusting.

ℹ Instruction Scope

SKILL.md and the scripts stay within the declared purpose: read-only AML lookups use MISTTRACK_API_KEY and call MistTrack endpoints; the payment flow (pay.py) explicitly reads a key file and signs x402 payments. The payment behavior is a higher-privilege action (sign+broadcast) but it is documented, enforces a $1 USDC per-call hard cap, and refuses an X402_PRIVATE_KEY env var. Platforms that permit autonomous model invocation may still cause unattended payments if an operator supplies --key-file and allows auto flags; the package documents this risk and recommends blocking autonomous calls for payment flows.

✓ Install Mechanism

Instruction-only skill with Python scripts; no installer or remote archive downloads. Dependencies are documented via requirements.txt/requirements-pay.txt. No high-risk install URLs or opaque installers observed.

✓ Credentials

Only an optional MISTTRACK_API_KEY is declared. The payment path requires a private key file passed explicitly via --key-file; the package explicitly refuses an environment-based private key. No unrelated credentials or broad environment access are requested.

✓ Persistence & Privilege

always:false and no evidence the skill requests permanent system presence or modifies other skill configs. The package does not request platform-level privileges. Autonomous invocation is allowed by default (normal for skills) — note this only matters if you enable payment automation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install misttrack-aml-skills
安装完成后，直接呼叫该 Skill 的名称或使用 /misttrack-aml-skills 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.2.12

**Changelog for misttrack-aml-skills v0.2.12** - Updated documentation to clarify x402 key handling: private keys must now be supplied via `--key-file` instead of environment variables. - README and SKILL metadata now emphasize that `X402_PRIVATE_KEY` in the environment is prohibited and only `--key-file` is accepted. - Security section improved with clearer guidance for operators and revised recommended practices. - Minor corrections and wording adjustments throughout documentation for accuracy and clarity.

v0.2.11

**Summary:** This update tightens security for pay-per-use calls by prohibiting use of `X402_PRIVATE_KEY` as an environment variable—private keys must now be supplied at invocation time only. - `X402_PRIVATE_KEY` environment variable is no longer supported; any attempt to use it causes `pay.py` to exit with an error. - Private keys for x402 pay-per-use must now be provided via the `--private-key` or `--key-file` option at script invocation. - References and instructions for `X402_PRIVATE_KEY` were removed from configuration and documentation. - All other functionality, dependencies, and usage remain unchanged.

v0.2.10

Version 0.2.10 - Expanded and clarified the security section for x402 private key usage, now detailing strict runtime enforcements: - Hard cap of $1.00 USDC enforced per call, regardless of flags. - Blocking of unattended `--auto` payments when key is supplied via environment variable; explicit `--private-key` CLI passing is now required for unattended use. - Stderr warning printed on every invocation when `X402_PRIVATE_KEY` is present. - Updated environment variable documentation to match actual runtime enforcement and guidance. - Revised dependency installation instructions to reference `requirements.txt` and `requirements-pay.txt` for clarity. - No changes in functionality; documentation and safety details only.

v0.2.9

- Added requirements.txt and requirements-pay.txt to explicitly specify Python dependencies. - No changes to code or user-facing documentation, except for the addition of dependency files.

v0.2.8

Version 0.2.8 of misttrack-aml-skills - No file changes detected in this release. - All documentation, usage instructions, and security recommendations remain unchanged from the previous version. - Maintains support for API key and x402 pay-per-use authentication models with detailed environment variable guidance. - Safety and security advisories for payment features are reinforced in the documentation.

v0.2.7

misttrack-aml-skills v0.2.7 - Updated scripts/batch_risk_check.py. - No SKILL.md or documentation changes.

v0.2.6

- Removed the internal metadata file (_meta.json) from the project. - No user-facing functionality, features, or documentation were changed. - All skill usage, security notes, and environment variable handling remain unchanged.

v0.2.5

No user-facing changes in this release. - Version bumped to 0.2.5. - No file changes detected; documentation and features remain unchanged.

v0.2.4

- Added _meta.json file to support enhanced skill metadata. - No functional or interface changes to core scripts or documentation. - Version bump to 0.2.4 with metadata infrastructure improvements.

v0.2.3

- Changed MISTTRACK_API_KEY from required to optional; clarified that it is recommended, with x402 as fallback. - Updated environment variable documentation to reflect that neither variable is strictly required, but one is needed for use. - Expanded Security section to clarify the meaning and enforcement of disable_model_calls and platform-dependent behavior. - Improved language around x402 usage and automation risks. - No functional or code changes; documentation only.

v0.2.2

- SKILL.md fully rewritten in English for clarity and broader audience. - Major new security section: details risks, safe usage, and best practices for X402_PRIVATE_KEY; clarifies agent/automation controls. - Environment variable descriptions now explicitly note required/sensitive status, including warnings for private key usage. - Python dependency list with install instructions and per-script requirements added. - Table and procedural documentation standardized: sub-skill/function index, script references, and usage examples improved for quick reference. - No code or functional logic changes; documentation and guidance update only.

v0.2.1

- Added required_env_vars and optional_env_vars to SKILL.md, clarifying necessary and optional environment variables. - Specified that MISTTRACK_API_KEY is required for API authentication, with X402_PRIVATE_KEY as an alternative for pay-per-use scenarios. - No other functional or file changes detected in this version.

v0.2.0

Version 0.2.0 - Major update: Added modularized skill documentation and new scripts for expanded AML and payment functionalities. - Added `skills/core.md` and `skills/payment.md` for clear separation of core AML functions and x402 pay-per-use. - Introduced new scripts: multisig analysis (`multisig_analysis.py`) and x402 pay-per-call client (`pay.py`). - Provided quickstart commands and detailed usage guidance for transfer security, address investigation, and payment. - Updated environment variable instructions and index of available scripts for ease of use.

v0.1.0

MistTrack AML Skills v0.1.0 – Initial Release - Provides cryptocurrency address risk analysis and AML compliance screening using MistTrack OpenAPI. - Supports major blockchains: BTC, ETH, TRX, BNB, Polygon, Arbitrum, Optimism, Base, Avalanche, Solana, Litecoin, Dogecoin, Bitcoin Cash, Merlin, HashKey, SUI, IoTeX, and more. - Key features: address risk scoring, label query, transaction investigation, address overview, and risk report generation. - Details API endpoints, rate limits, supported chains/tokens, and common error messages. - Comprehensive documentation for all API request/response formats.

元数据

Slug misttrack-aml-skills

版本 0.2.12

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 14

常见问题

MistTrack Skills 是什么？

Cryptocurrency address risk analysis, AML compliance checks, and on-chain transaction tracing using the MistTrack OpenAPI. MistTrack is an anti-money launder... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 307 次。

如何安装 MistTrack Skills？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install misttrack-aml-skills」即可一键安装，无需额外配置。

MistTrack Skills 是免费的吗？

是的，MistTrack Skills 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

MistTrack Skills 支持哪些平台？

MistTrack Skills 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 MistTrack Skills？

由 MistTrack（@misttrack）开发并维护，当前版本 v0.2.12。