MistTrack Skills Released: Empowering AI Agents with On-Chain AML Risk Analysis Capabilities
With the rising popularity of OpenClaw, the AI Agent and Skills ecosystem is once again experiencing rapid growth within the developer community. More and more AI tools are now capable of directly calling APIs, executing automated tasks, and even participating in on-chain operations within Web3 scenarios.
Against this backdrop, a new and critical question emerges: how can AI systems develop sound security judgment when executing on-chain transactions, analyzing crypto addresses, or handling digital assets?
In response to this trend, SlowMist has launched the AI Agent skill package for MistTrack — MistTrack Skills (https://github.com/slowmist/misttrack-skills). It is designed for cryptocurrency address risk analysis, AML compliance screening, and on-chain transaction tracing.
What are MistTrack Skills?
MistTrack is an on-chain tracking and anti-money laundering (AML) tool independently developed by SlowMist. It indexes over 400 million addresses and 500,000 pieces of threat intelligence data, enabling risk scoring, label identification, and fund flow analysis for on-chain addresses and transactions.
MistTrack currently supports multiple mainstream blockchains, including Bitcoin, Ethereum, TRON, BNB Smart Chain, Polygon, Arbitrum, Optimism, Base, Avalanche, zkSync Era, Toncoin, Solana, Litecoin, Dogecoin, Bitcoin Cash, Merlin Chain, HashKey Chain, Sui, and IoTeX.
At the technical level, MistTrack Skills is built on the MistTrack OpenAPI (https://openapi.misttrack.io), which requires prior configuration of a MISTTRACK_API_KEY.
The API provides various on-chain risk analysis capabilities, including:
- API status & supported token list
- Address labels (entity name, type)
- Address balance & statistics
- Address / tx risk score (sync)
- risk score task (async)
- Transaction flow analysis (in/out)
- Behavior analysis (DEX/Exchange/Mixer ratio)
- Address profile (platforms, events, relations)
- Counterparty analysis
These capabilities can be automatically invoked by AI Agents, as MistTrack Skills support integration with leading AI Agent tools such as OpenClaw and Claude Code.
It is also compatible with wallet-related Skills and can be used alongside the Skills of Bitget Wallet and Trust Wallet. After installing the corresponding Skills and executing a transaction, MistTrack Skills can automatically perform a security check on the target address.
This means that when an AI Agent executes transfers, swaps, or other on-chain operations, AML risk detection can be completed automatically in the background.
How to Use MistTrack Skills?
Installation
npx skills add slowmist/misttrack-skills
Note: Log in to the MistTrack console (https://dashboard.misttrack.io/) using your email address and verification code, then purchase the Standard Plan (new users may choose the limited-time $10 trial package). After completing the payment, create an API Key at: https://dashboard.misttrack.io/apikeys.
Set the environment variable (recommended):
export MISTTRACK_API_KEY=your_api_key_here
See SKILL.md for full API documentation
https://github.com/slowmist/misttrack-skills/blob/main/SKILL.md
Example Prompts
Once MistTrack Skills are installed, you can directly ask the AI on-chain security questions, such as:
Quick Risk Check (KYT)
- Check the risk score for ETH address 0x6487B5006904f3Db3C4a3654409AE92b87eD442f
- Is TRX address TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh safe? Any money laundering history?
- What’s the risk score for transaction 0xabc123…? Does it involve any sanctioned entities?
Full Address Investigation
- Run a complete on-chain investigation on 0x6487B5006904f3Db3C4a3654409AE92b87eD442f — labels, balance, risk score, platform interactions, and counterparties
- Where did the funds in BTC address 1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf come from and go to?
- Analyze the behavior of 0xd90e2f925da726b50c4ed8d0fb90ad053324f31b — is it mostly interacting with DEXes, mixers, or exchanges?
Transaction Tracing
- Trace where funds from 0x6487B5006904f3Db3C4a3654409AE92b87eD442f went — focus on outgoing transfers
- Has this address ever interacted with Tornado Cash, directly or indirectly?
- Show me the main counterparties for TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh — where did most funds originate?
Status & Support
- Does MistTrack support USDT on Solana?
- List all tokens currently supported by MistTrack
Pre-Transfer Security Check
Pre-transfer security screening is a highly important use case. When MistTrack Skills is used in combination with the Skills of Bitget Wallet or Trust Wallet, it will automatically assess the risk level of the recipient address before the transfer is executed.
- Swap my 0.1 ETH to USDT and send to 0x6487B5006904f3Db3C4a3654409AE92b87eD442f (auto-checks recipient risk)
- Send 100 TRX to TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh
- Bridge 500 USDT from BNB Chain to 0x28C6c06298d514Db089934071355E5743bf21d60
Usage Examples
(1) Scenario 1: Quick Address Risk Check (KYT)
When you need to perform a rapid AML check on a withdrawal or deposit address, you can ask:
“Please help me analyze this address TNfK1r5jb8Wa1Ph1MApjqJobsY8SPwj3Yh.”
(2) Scenario 2: Full Address Profiling
When conducting a comprehensive investigation of a suspicious address, you can ask:
“Give me the profile of this address 0x6487B5006904f3Db3C4a3654409AE92b87eD442f on the Ethereum chain.”
(3) Scenario 3: Address Transaction Tracing
Ask:
“Track the fund flows of 0x6487B5006904f3Db3C4a3654409AE92b87eD442f on Ethereum, with a focus on which addresses the funds were transferred to.”
(4) Scenario 4: Transaction Risk Pre-check
Ask:
“Swap my 1 ETH for USDT and send it to 0x6487B5006904f3Db3C4a3654409AE92b87eD442f.”
a. Only Bitget Wallet Skill installed
b. Both Bitget Wallet Skill and MistTrack Skills installed
When performing transactions with an AI Agent, installing MistTrack Skills helps users effectively prevent potential risks.
Works with Bitget Wallet Skill or Trust Wallet Skills
1. Integration with Bitget Wallet Skill
Use Cases / Scenarios
When an Agent has both bitget-wallet-skill and misttrack-skills loaded, this skill must be automatically invoked to perform an AML risk check on the destination address (recipient / to-address) before executing any transfer or swap operation.
Why is Address-Level Security Detection Necessary?
While the Pre-Trade Workflow of bitget-wallet-skill already covers token security (e.g., honeypots, tax rates, liquidity), it does not detect the AML risks associated with the recipient’s address.
Transferring funds to sanctioned addresses, mixer withdrawal addresses, or hacker wallets can lead to:
- Assets being flagged by on-chain tracking entities.
- Violations of OFAC sanction compliance requirements.
- Funds being frozen by exchanges (if the destination is a money-laundering intermediary address).
MistTrack Skills specifically fill this critical gap.
Usage Example
(1) Basic Calls (Recommended for Agent Use)
# ETH Chain Address Check
python3
scripts/transfer_security_check.py \
— address
0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b \
— chain eth
# Solana Chain Address Check
python3
scripts/transfer_security_check.py \
— address
5tzFkiKscXHK5B17AoKFdroMRCEVGvSqtPkRSLzprFwN \
— chain sol
# JSON Output (for easier Agent parsing)
python3
scripts/transfer_security_check.py \
— address
0x28C6c06298d514Db089934071355E5743bf21d60 \
— chain eth — json
(2) WARN Scenario Example Output (Displayed to User)
⚠️ Recipient Address Security
Warning
────────────────────────────────────
Address:
0xABCD…1234
Chain: ETH
Risk Score: 55 (Moderate)
Risk
Description: Interact With High-risk Tag Address, Involved in Illicit
Activity
Risk Report: https://light.misttrack.io/riskReport/0xABCD...
Recommendation: This address carries a moderate risk. Please
verify the recipient’s identity before proceeding.
Do you still want to
continue the transfer? [yes/no]
2. Trust Wallet Skills Integration
Applicable Scenarios
When an Agent has both tw-agent-skills (wallet-core or
trust-web3-provider) and misttrack-skills loaded, this skill must
be automatically invoked for AML risk checks before generating any code
containing a recipient address.
Agent Trigger Rules
(1) wallet-core Scenario
(When the Agent generates signed code snippets containing toAddress, it must check the address
before providing the code):
# Example: User requests signature generation for a Bitcoin
address — check the target address first
python3
scripts/transfer_security_check.py \
— address
1MityqAKBEKHPkBpwDCqPMBNbYPxbNbKzr \
— chain bitcoin — json
# Example: User constructs an Ethereum transfer — check toAddress
first
python3 scripts/transfer_security_check.py \
— address
0xRecipient… \
— chain eth — json
(2) trust-web3-provider
Scenario
(When the Agent helps developers implement
handlers for eth_sendTransaction /
ton_sendTransaction, insert a check
point in the handling logic):
# Handler receives eth_sendTransaction — target address is in
params.to
python3 scripts/transfer_security_check.py \
— address
<params.to> — chain eth — json
# Handler receives ton_sendTransaction
python3
scripts/transfer_security_check.py \
— address <params.to> —
chain ton — json
In Conclusion
As AI Agents increasingly participate in Web3 operations and automated trading, security capabilities need to evolve from being mere tools to becoming default features of the Agent. MistTrack Skills aims to enable AI to automatically perform address risk assessments and AML compliance checks when executing on-chain operations, thereby providing a safer infrastructure at the intersection of AI and Web3.
If you are building AI Agents, AI wallets, on-chain investigation tools, or Web3 automation systems, you are welcome to use MistTrack Skills: https://github.com/slowmist/misttrack-skills.
Related Resources
MistTrack Official Documentation: https://docs.misttrack.io/
MistTrack OpenAPI: https://openapi.misttrack.io
MistTrack Console: https://dashboard.misttrack.io/
Bitget Wallet Skill: https://github.com/bitget-wallet-ai-lab/bitget-wallet-skill
Trust Wallet tw-agent-skills: https://github.com/trustwallet/tw-agent-skills
About SlowMist
SlowMist is a threat intelligence firm focused on blockchain security, established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
