Pilot Fraud Detection Pipeline Setup

v1.0.0

Deploy a fraud detection pipeline with 4 agents. Use this skill when: 1. User wants to set up real-time transaction monitoring with escalation through analys...

by Calin Teodor @teoslayer
Security Scan
Capability signals: Crypto, Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match what the skill does: it installs and configures four Pilot agents and wires up the data flows between them. The declared required binaries (pilotctl and clawhub) are appropriate and expected for installing skills and managing agents.
Instruction Scope
SKILL.md stays within the pipeline setup scope: it asks the user to pick a role and prefix, run clawhub install commands, set hostnames with pilotctl, write a manifest to ~/.pilot/setups/fraud-detection-pipeline.json, and perform handshakes. Two operational notes: (1) the instructions show publishing realistic transaction payloads (card_hash, device fingerprints, amounts, etc.), which is expected but involves sensitive data and requires secure networks and privacy controls; (2) the doc states handshakes auto-approve when both sides send them—this is a platform property but worth noting as a potential source of accidental trust if prefixes/hostnames collide or are guessable.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk. It relies on existing public CLI tools (clawhub and pilotctl) rather than downloading arbitrary archives.
Credentials
The skill does not request any environment variables or credentials. Note: the downstream pilot-* skills that this setup installs may later require service credentials or secrets; those are not declared here and should be reviewed before those skills are installed or run.
Persistence & Privilege
always is false and the skill only instructs writing a manifest to the user's ~/.pilot path (its own config area). It does not request persistent platform-wide privileges or modify other skills' configurations in the instructions provided.
Assessment
This skill appears to do what it claims, but before installing: (1) verify pilotctl and clawhub are the official, trusted binaries on your system (checksum/signature if available); (2) choose a unique prefix/hostnames to avoid accidental handshake/trust collisions with other deployments; (3) ensure the network between agents is secured (TLS, firewall rules) because the example payloads include sensitive transaction data (card/device identifiers, amounts, case evidence); (4) review each pilot-* skill the setup installs — they may require credentials or further configuration not declared here; and (5) protect the ~/.pilot/setups/fraud-detection-pipeline.json manifest (it contains topology and may point to sensitive operational structure). If any of those items are unclear, test in an isolated environment before deploying to production.


Runtime requirements

Bins: pilotctl, clawhub
MIT-0

Fraud Detection Pipeline Setup

Deploy 4 agents: monitor, pattern-analyzer, investigator, and enforcer.

Roles

| Role | Hostname | Skills | Purpose |
| --- | --- | --- | --- |
| monitor | <prefix>-monitor | pilot-stream-data, pilot-event-filter, pilot-cron, pilot-metrics | Watches transactions, flags suspicious activity |
| pattern-analyzer | <prefix>-pattern-analyzer | pilot-event-filter, pilot-archive, pilot-priority-queue | Behavioral analysis on flagged transactions |
| investigator | <prefix>-investigator | pilot-task-router, pilot-audit-log, pilot-dataset | Assembles evidence, recommends actions |
| enforcer | <prefix>-enforcer | pilot-blocklist, pilot-webhook-bridge, pilot-audit-log, pilot-alert | Executes blocks, feeds back to monitor |

Setup Procedure

Step 1: Ask the user which role this agent should play and what prefix to use.

Step 2: Install the skills for the chosen role:

# For monitor:
clawhub install pilot-stream-data pilot-event-filter pilot-cron pilot-metrics
# For pattern-analyzer:
clawhub install pilot-event-filter pilot-archive pilot-priority-queue
# For investigator:
clawhub install pilot-task-router pilot-audit-log pilot-dataset
# For enforcer:
clawhub install pilot-blocklist pilot-webhook-bridge pilot-audit-log pilot-alert

Step 3: Set the hostname and write the manifest to ~/.pilot/setups/fraud-detection-pipeline.json.

Step 4: Tell the user to initiate handshakes with the peers for their role.

Manifest Templates Per Role

monitor

{
  "setup": "fraud-detection-pipeline", "role": "monitor", "role_name": "Transaction Monitor",
  "hostname": "<prefix>-monitor",
  "skills": {
    "pilot-stream-data": "Ingest real-time transaction streams from payment processors.",
    "pilot-event-filter": "Apply velocity checks, amount thresholds, and geo rules.",
    "pilot-cron": "Run scheduled batch scans for dormant account reactivation patterns.",
    "pilot-metrics": "Track flagging rates, false positive ratios, and latency."
  },
  "data_flows": [
    { "direction": "send", "peer": "<prefix>-pattern-analyzer", "port": 1002, "topic": "flagged-transaction", "description": "Transactions exceeding risk thresholds" },
    { "direction": "receive", "peer": "<prefix>-enforcer", "port": 1002, "topic": "blocked-entity", "description": "Blocked entities for rule updates" }
  ],
  "handshakes_needed": ["<prefix>-pattern-analyzer", "<prefix>-enforcer"]
}

pattern-analyzer

{
  "setup": "fraud-detection-pipeline", "role": "pattern-analyzer", "role_name": "Pattern Analyzer",
  "hostname": "<prefix>-pattern-analyzer",
  "skills": {
    "pilot-event-filter": "Score transactions by device fingerprint, geo-velocity, and MCC patterns.",
    "pilot-archive": "Store behavioral profiles and historical pattern data.",
    "pilot-priority-queue": "Prioritize high-risk cases for immediate investigation."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-monitor", "port": 1002, "topic": "flagged-transaction", "description": "Flagged transactions to analyze" },
    { "direction": "send", "peer": "<prefix>-investigator", "port": 1002, "topic": "high-risk-case", "description": "High-risk cases with behavioral analysis" }
  ],
  "handshakes_needed": ["<prefix>-monitor", "<prefix>-investigator"]
}

investigator

{
  "setup": "fraud-detection-pipeline", "role": "investigator", "role_name": "Case Investigator",
  "hostname": "<prefix>-investigator",
  "skills": {
    "pilot-task-router": "Route cases to specialized investigation workflows.",
    "pilot-audit-log": "Maintain chain-of-custody documentation for all evidence.",
    "pilot-dataset": "Cross-reference against known fraud pattern databases."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-pattern-analyzer", "port": 1002, "topic": "high-risk-case", "description": "Cases requiring investigation" },
    { "direction": "send", "peer": "<prefix>-enforcer", "port": 1002, "topic": "fraud-verdict", "description": "Verdicts with recommended enforcement actions" }
  ],
  "handshakes_needed": ["<prefix>-pattern-analyzer", "<prefix>-enforcer"]
}

enforcer

{
  "setup": "fraud-detection-pipeline", "role": "enforcer", "role_name": "Fraud Enforcer",
  "hostname": "<prefix>-enforcer",
  "skills": {
    "pilot-blocklist": "Maintain and enforce block/allow lists for cards, devices, IPs.",
    "pilot-webhook-bridge": "Trigger external actions (freeze accounts, decline transactions).",
    "pilot-audit-log": "Log all enforcement decisions with full justification.",
    "pilot-alert": "Notify fraud operations team of high-severity enforcement actions."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-investigator", "port": 1002, "topic": "fraud-verdict", "description": "Verdicts to enforce" },
    { "direction": "send", "peer": "<prefix>-monitor", "port": 1002, "topic": "blocked-entity", "description": "Blocked entities for detection rule updates" }
  ],
  "handshakes_needed": ["<prefix>-investigator", "<prefix>-monitor"]
}

Data Flows

  • monitor -> pattern-analyzer : flagged transactions exceeding risk thresholds (port 1002)
  • pattern-analyzer -> investigator : high-risk cases with behavioral analysis (port 1002)
  • investigator -> enforcer : fraud verdicts with recommended actions (port 1002)
  • enforcer -> monitor : blocked entities to update detection rules (port 1002)
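
An added example, not part of the skill or the Pilot tooling: a Python check that a set of role manifests implements exactly the ring listed above, so that every entry in handshakes_needed corresponds to a declared data flow and every send has a matching receive on the peer. The prefix "acme", the function names and the reduced manifests built inline are assumptions constructed for illustration; manifest_is_private checks the file mode of a manifest such as ~/.pilot/setups/fraud-detection-pipeline.json.

```python
import os
import stat

# The ring from the Data Flows list: (sender role, receiver role, topic), all on port 1002.
RING = [("monitor", "pattern-analyzer", "flagged-transaction"),
        ("pattern-analyzer", "investigator", "high-risk-case"),
        ("investigator", "enforcer", "fraud-verdict"),
        ("enforcer", "monitor", "blocked-entity")]

def build_manifests(prefix):
    """Constructed sample input: the four role manifests, reduced to the checked fields."""
    out = {}
    for src, dst, topic in RING:
        for role, other, direction in ((src, dst, "send"), (dst, src, "receive")):
            m = out.setdefault(role, {"hostname": f"{prefix}-{role}",
                                      "data_flows": [], "handshakes_needed": []})
            m["data_flows"].append({"direction": direction, "peer": f"{prefix}-{other}",
                                    "port": 1002, "topic": topic})
            m["handshakes_needed"].append(f"{prefix}-{other}")
    return list(out.values())

def check_topology(manifests):
    """Return findings where handshakes and data flows disagree within or across manifests."""
    by_host = {m["hostname"]: m for m in manifests}
    findings = []
    for m in manifests:
        host = m["hostname"]
        flow_peers = {f["peer"] for f in m["data_flows"]}
        # A handshake without a flow is trust nobody asked for; a flow without one cannot run.
        for peer in sorted(set(m["handshakes_needed"]) ^ flow_peers):
            findings.append(f"{host}: handshake/data-flow mismatch for {peer}")
        for f in m["data_flows"]:
            mirror = {"send": "receive", "receive": "send"}[f["direction"]]
            theirs = by_host.get(f["peer"], {}).get("data_flows", [])
            if not any((g["peer"], g["direction"], g["topic"], g["port"]) ==
                       (host, mirror, f["topic"], f["port"]) for g in theirs):
                findings.append(f"{host}: no matching {mirror} on {f['peer']} for {f['topic']}")
    return findings

def manifest_is_private(path):
    """True when group and other have no permission bits on the manifest file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    manifests = build_manifests("acme")  # "acme" is a constructed prefix
    # Simulate a stray trust entry pointing at another deployment's monitor.
    manifests[3]["handshakes_needed"].append("acme2-monitor")
    for finding in check_topology(manifests):
        print(finding)
```
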

Workflow Example

# On monitor -- flag suspicious transaction:
pilotctl --json publish <prefix>-pattern-analyzer flagged-transaction '{"txn_id":"TXN-8839201","amount":2499.99,"velocity_1h":7,"risk_score":0.78}'
# On pattern-analyzer -- escalate high-risk case:
pilotctl --json publish <prefix>-investigator high-risk-case '{"case_id":"FRD-4401","risk_score":0.94,"patterns":["geo_impossible","device_mismatch"]}'
# On investigator -- issue verdict:
pilotctl --json publish <prefix>-enforcer fraud-verdict '{"case_id":"FRD-4401","verdict":"confirmed_fraud","action":"block_card_and_reverse"}'
# On enforcer -- block and feed back:
pilotctl --json publish <prefix>-monitor blocked-entity '{"entity_type":"card_hash","entity_id":"c4a2e","case_id":"FRD-4401"}'

Dependencies

Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.
