With the increasing prevalence of OpenClaw, the AI Agent and Skills landscape is experiencing a resurgence in developer community engagement. A growing number of AI utilities now possess the ability to directly interface with APIs, automate tasks, and even participate in on-chain processes within Web3 environments.
In light of this trend, a crucial new consideration arises: how can AI systems cultivate robust security discernment when handling on-chain transactions, scrutinizing cryptocurrency addresses, or managing digital assets?
Responding to this development, SlowMist has introduced the AI Agent skill package for MistTrack — MistTrack Skills (https://github.com/slowmist/misttrack-skills). This offering is tailored for the risk analysis of cryptocurrency addresses, AML compliance screening, and on-chain transaction monitoring.
What are MistTrack Skills?
MistTrack is an indigenous on-chain tracking and anti-money laundering (AML) solution developed by SlowMist. It aggregates data from over 400 million addresses and 500,000 pieces of threat intelligence, enabling risk scoring, entity identification, and fund flow analysis for on-chain addresses and transactions.
MistTrack currently extends support to numerous mainstream blockchains, including Bitcoin, Ethereum, TRON, BNB Smart Chain, Polygon, Arbitrum, Optimism, Base, Avalanche, zkSync Era, Toncoin, Solana, Litecoin, Dogecoin, Bitcoin Cash, Merlin Chain, HashKey Chain, Sui, and IoTeX.
On a technical foundation, MistTrack Skills operates via the MistTrack OpenAPI (https://openapi.misttrack.io), necessitating the prior setup of a MISTTRACK_API_KEY.
The API furnishes a range of on-chain risk assessment capabilities, encompassing:
- API operational status & list of supported tokens
- Address classifications (entity name, type)
- Address balances & statistical data
- Address / transaction risk scoring (synchronous)
- Risk scoring tasks (asynchronous)
- Transaction flow analysis (incoming/outgoing)
- Behavioral analysis (DEX/Exchange/Mixer ratios)
- Address profiling (platforms, events, interconnections)
- Counterparty assessment
These functionalities can be triggered programmatically by AI Agents, as MistTrack Skills are designed for integration with prominent AI Agent platforms like OpenClaw and Claude Code.
Compatibility also extends to wallet-centric Skills, allowing for synergistic use with the capabilities of Bitget Wallet and Trust Wallet. Upon installation of the relevant Skills and execution of a transaction, MistTrack Skills can automatically conduct a security verification of the target address.
This ensures that as AI Agents facilitate transfers, swaps, or other on-chain activities, AML risk detection proceeds autonomously in the background.
How to Use MistTrack Skills?
Installation
npx skills add slowmist/misttrack-skills
Please note: Log in to the MistTrack console (https://dashboard.misttrack.io/) using your email and verification code. Then, subscribe to the Standard Plan (new users can opt for the limited-time $10 trial package). After successful payment, generate an API Key at: https://dashboard.misttrack.io/apikeys.
Set the environment variable (recommended):
export MISTTRACK_API_KEY=your_api_key_here
Refer to SKILL.md for comprehensive API documentation
https://github.com/slowmist/misttrack-skills/blob/main/SKILL.md
Example Prompts
Once MistTrack Skills are installed, you can pose on-chain security queries directly to the AI, such as:
Quick Risk Check (KYT)
- Evaluate the risk score for ETH address 0x6487B5006904f3Db3C4a3654409AE92b87eD442f
- Is the TRX address TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh secure? Has it been involved in money laundering?
- What is the risk score for transaction 0xabc123…? Does it involve any entities under sanctions?
Comprehensive Address Investigation
- Conduct a thorough on-chain investigation of 0x6487B5006904f3Db3C4a3654409AE92b87eD442f, including labels, balance, risk score, platform interactions, and counterparties
- Determine the origin and destination of funds for BTC address 1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf
- Analyze the activity patterns of 0xd90e2f925da726b50c4ed8d0fb90ad053324f31b — does it primarily interact with DEXes, mixers, or exchanges?
Transaction Tracing
- Trace the outgoing transfers from 0x6487B5006904f3Db3C4a3654409AE92b87eD442f
- Has this address ever engaged with Tornado Cash, either directly or indirectly?
- Identify the primary counterparties for TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh, focusing on the origin of most funds
Status & Support
- Does MistTrack offer support for USDT on Solana?
- Provide a list of all tokens currently supported by MistTrack
Pre-Transfer Security Verification
Pre-transfer security screening is a vital application. When MistTrack Skills are utilized in conjunction with Bitget Wallet or Trust Wallet Skills, they automatically assess the recipient address’s risk level prior to transaction execution.
- Exchange 0.1 ETH for USDT and transmit to 0x6487B5006904f3Db3C4a3654409AE92b87eD442f (recipient risk automatically checked)
- Send 100 TRX to TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh
- Bridge 500 USDT from BNB Chain to 0x28C6c06298d514Db089934071355E5743bf21d60
Usage Examples
(1) Scenario 1: Rapid Address Risk Assessment (KYT)
For quick AML checks on withdrawal or deposit addresses, you can inquire:
“Please analyze this address TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh.”
(2) Scenario 2: Full Address Profiling
For in-depth investigations of suspicious addresses, you can request:
“Provide the Ethereum chain profile for address 0x6487B5006904f3Db3C4a3654409AE92b87eD442f.”
(3) Scenario 3: Address Transaction Tracing
Inquire:
“Trace the fund movements from 0x6487B5006904f3Db3C4a3654409AE92b87eD442f on Ethereum, focusing on the destinations of the transferred funds.”
(4) Scenario 4: Transaction Risk Pre-check
Ask:
“Execute a swap of 1 ETH for USDT and send to 0x6487B5006904f3Db3C4a3654409AE92b87eD442f.”
a. Only Bitget Wallet Skill installed
b. Both Bitget Wallet Skill and MistTrack Skills installed
When conducting transactions via an AI Agent, the integration of MistTrack Skills empowers users to proactively mitigate potential risks.
Synergy with Bitget Wallet Skill or Trust Wallet Skills
1. Integration with Bitget Wallet Skill
Use Cases / Scenarios
When an Agent is equipped with both the bitget-wallet-skill and misttrack-skills, this particular skill is mandated for automatic invocation to perform an AML risk assessment on the destination address (recipient / to-address) prior to executing any transfer or swap operations.
Why is Address-Level Security Detection Essential?
While the Pre-Trade Workflow of the bitget-wallet-skill addresses token-level security concerns (such as honeypots, tax rates, and liquidity), it does not encompass the detection of AML risks associated with the recipient’s address.
Transmitting funds to addresses that are sanctioned, associated with mixer withdrawals, or identified as hacker wallets can result in:
- Assets being flagged by blockchain surveillance entities.
- Non-compliance with OFAC sanction regulations.
- Funds being frozen by exchanges (if the destination serves as a money-laundering intermediary).
MistTrack Skills specifically address this critical security gap.
Usage Example
(1) Basic Queries (Recommended for Agent Integration)
# ETH Chain Address Verification
python3 scripts/transfer_security_check.py
— address 0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b
— chain eth
# Solana Chain Address Verification
python3 scripts/transfer_security_check.py
— address 5tzFkiKscXHK5B17AoKFdroMRCEVGvSqtPkRSLzprFwN
— chain sol
# JSON Output (facilitates Agent parsing)
python3 scripts/transfer_security_check.py
— address 0x28C6c06298d514Db089934071355E5743bf21d60
— chain eth — json
(2) WARN Scenario Example Output (Presented to User)
⚠️ Recipient Address Security Alert
────────────────────────────────────
Address: 0xABCD…1234
Chain: ETH
Risk Score: 55 (Moderate)
Risk Description: Interaction with a High-risk Tagged Address; Involved in Illicit Activities
Risk Report: https://light.misttrack.io/riskReport/0xABCD…
Recommendation: This address presents moderate risk. Please confirm the recipient’s identity before proceeding.
Do you wish to continue the transfer? [yes/no]
2. Trust Wallet Skills Integration
Applicable Scenarios
When an Agent integrates both tw-agent-skills (wallet-core or trust-web3-provider) and misttrack-skills, this skill must be automatically activated to conduct AML risk assessments prior to generating any code that includes a recipient address.
Agent Trigger Rules
(1) wallet-core Scenario
(Upon Agent generation of signed code snippets containing a toAddress, the address must be verified first):
# Example: User requests signature generation for a Bitcoin address — verify the target address first
python3 scripts/transfer_security_check.py
— address 1MityqAKBEKHPkBpwDCqPMBNbYPxbNbKzr
— chain bitcoin — json
# Example: User constructs an Ethereum transfer — verify the toAddress first
python3 scripts/transfer_security_check.py
— address 0xRecipient…
— chain eth — json
(2) trust-web3-provider Scenario
(When the Agent assists developers in implementing handlers for eth_sendTransaction / ton_sendTransaction, incorporate a verification checkpoint within the handler logic):
# Handler receives eth_sendTransaction — the target address is located in params.to
python3 scripts/transfer_security_check.py
— address <params.to> — chain eth — json
# Handler receives ton_sendTransaction
python3 scripts/transfer_security_check.py
— address <params.to> — chain ton — json
Conclusion
As AI Agents become more involved in Web3 operations and automated trading, security functionalities must transition from supplementary tools to intrinsic features of the Agent. MistTrack Skills are designed to empower AI to autonomously perform address risk evaluations and AML compliance checks during on-chain activities, thereby establishing a more secure foundation at the convergence of AI and Web3.
If you are developing AI Agents, AI wallets, on-chain investigation platforms, or Web3 automation systems, you are encouraged to utilize MistTrack Skills: https://github.com/slowmist/misttrack-skills.
Related Resources
MistTrack Official Documentation: https://docs.misttrack.io/
MistTrack OpenAPI: https://openapi.misttrack.io
MistTrack Console: https://dashboard.misttrack.io/
Bitget Wallet Skill: https://github.com/bitget-wallet-ai-lab/bitget-wallet-skill
Trust Wallet tw-agent-skills: https://github.com/trustwallet/tw-agent-skills
About SlowMist
SlowMist is a cybersecurity intelligence firm specializing in blockchain technology, established in January 2018. Founded by a team with over a decade of network security expertise, the firm aims to become a global leader in securing the blockchain ecosystem for all participants. Currently recognized as a prominent international blockchain security entity, SlowMist has provided services to notable projects including HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, and Crypto.com.
SlowMist offers a comprehensive suite of services, including security audits, threat intelligence dissemination, defense system deployment, security consultancy, and other related security provisions. Additionally, the company provides AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (a repository of cryptocurrency hack incidents), FireWall.x (a smart contract firewall), and other SaaS products. Collaborations are maintained with both domestic and international entities such as Akamai, BitDefender, RC², TianJi Partners, and IPIP. The firm’s extensive contributions to cryptocurrency crime investigations have been acknowledged by international organizations and governmental bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering bespoke, comprehensive security solutions, SlowMist identifies and preempts potential risks. The team has successfully uncovered and disclosed several high-severity blockchain security vulnerabilities, thereby enhancing awareness and elevating security standards across the blockchain ecosystem.
Information compiled from materials : slowmist.medium.com