ClawHub

MistTrack Skills

v0.2.12

Cryptocurrency address risk analysis, AML compliance checks, and on-chain transaction tracing using the MistTrack OpenAPI. MistTrack is an anti-money launder...

0· 316· 14 versions· 1 current· 1 all-time· Updated 23h ago· MIT-0
by@misttrack

Security Scans

VirusTotalBenignClawScanBenignStatic analysisBenign

Install

openclaw skills install misttrack-aml-skills

MistTrack Skills

Sub-skill Index

This skill pack contains two functional modules, each defined under the skills/ directory:

FileFunctionUse Case
skills/core.mdCore FeaturesRisk scoring, address investigation, multisig analysis, pre-transfer security checks, wallet integration (Bitget/Trust/Binance/OKX)
skills/payment.mdx402 PaymentPay-per-use MistTrack API calls when no API Key is available

Security

Read this section before setting any environment variables or invoking payment features.

MISTTRACK_API_KEY

A standard API key for read-only AML queries. No on-chain access. Set via environment variable or --api-key flag.

x402 Private Key — High Sensitivity

scripts/pay.py can sign and broadcast on-chain USDC transactions when a private key is supplied via --key-file.

Enforced in code (runtime, unconditional):

  • Hard cap: $1.00 USDC per call — amounts above this are rejected before signing, regardless of flags.
  • X402_PRIVATE_KEY environment variable is refusedpay.py exits with an error if this variable is set in the environment.
  • Private keys must be supplied via --key-file <path> — the key is read from a permission-restricted file at invocation time and never appears on the command line.

Advisory only (harness-dependent, not enforced by this package):

  • skills/payment.md sets disable_model_calls: true — signals agent platforms to block autonomous invocation. Platforms such as OpenClaw/skills.sh enforce this field; on other platforms it is advisory only.

Remaining risks:

  • An operator who supplies --key-file and adds --auto can trigger unattended payments (intentional for testing; do not use in production).

Recommended practice:

  1. Prefer MISTTRACK_API_KEY for all normal usage — it is read-only and never touches on-chain state.
  2. If x402 is needed, store the key in a chmod 600 file and pass it via --key-file at invocation time.
  3. Never pass --auto in production agent pipelines.

Quick Reference

Pre-Transfer Security Check (Most Common)

Before executing any transfer or withdrawal, run the following script to check the recipient address for AML risk:

python3 scripts/transfer_security_check.py \
  --address <recipient_address> \
  --chain <chain_code> \
  --json

Exit Code: 0=ALLOW / 1=WARN / 2=BLOCK / 3=ERROR See skills/core.md for detailed decision logic.

Full Address Investigation

python3 scripts/address_investigation.py --address 0x... --coin ETH

x402 Pay-per-Use

When no API Key is available, use scripts/pay.py to pay per call with USDC. Private keys must be stored in a permission-restricted file and passed via --key-file:

echo "your_hex_private_key" > ~/.x402_key && chmod 600 ~/.x402_key
python3 scripts/pay.py pay --url "..." --key-file ~/.x402_key --chain-id 8453

See skills/payment.md for details and security considerations.

Environment Variables

VariableRequiredSensitiveDescription
MISTTRACK_API_KEYNo (recommended)YesMistTrack API key — all scripts read this first; x402 is the alternative if absent

When MISTTRACK_API_KEY is set, all scripts use API Key mode (read-only, no on-chain access). For x402 pay-per-use, store the private key in a chmod 600 file and pass it via --key-file at invocation time. X402_PRIVATE_KEY environment variable is not supported and causes pay.py to exit with an error.

Python Dependencies

# Core AML scripts (risk_check, batch_risk_check, transfer_security_check,
#                   address_investigation, multisig_analysis)
pip install -r requirements.txt

# pay.py only (x402 EVM + Solana payments)
pip install -r requirements-pay.txt
PackageRequired for
requestsAll scripts (requirements.txt)
eth-accountpay.py EIP-3009 signing (requirements-pay.txt)
eth-abipay.py EIP-712 encoding (requirements-pay.txt)
eth-utilspay.py keccak256 (requirements-pay.txt)
solderspay.py Solana partial signing (requirements-pay.txt)
base58pay.py Solana partial signing (requirements-pay.txt)

Script Reference

ScriptFunction
scripts/transfer_security_check.pyPre-transfer AML address check (main entry point)
scripts/risk_check.pySingle address risk scoring
scripts/batch_risk_check.pyBatch async risk scoring
scripts/address_investigation.pyFull address investigation (aggregates 6 APIs)
scripts/multisig_analysis.pyMultisig address identification and permission analysis
scripts/pay.pyx402 payment protocol client - see Security section

Version tags

latestvk979y7hn9paq9b6nkcec80zq9x83w0wt