blockchain-intelligence-playbook
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseBlockchain intelligence — skill index
区块链智能——技能索引
This repository splits topics into focused skills (load the specific skill when the task is narrow). Shared rules: educational patterns only; no sanctions evasion, harassment, or non-consensual doxxing; not legal/investment advice.
本仓库将主题划分为细分技能(当任务范围较窄时,加载对应的特定技能)。通用规则:仅包含教育性内容;严禁规避制裁、骚扰或未经同意的人肉搜索;不构成法律/投资建议。
Choosing a skill (quick map)
技能选择快速指引
| If the user is asking about… | Start here |
|---|---|
| Crime types, ethics, reporting, CEX/stablecoin limits | crypto-investigation-compliance |
| Phalcon Compliance product documentation URL | phalcon-compliance-documentation |
Chainalysis Sanctions API / public oracle, | chainalysis-sanctions-screening |
| FATF AML/CFT glossary terms (CDD, STR, PEP, etc.) | fatf-glossary-reference |
| Arkham “leading crypto analysis tools” research / trader tool landscape | arkham-leading-crypto-analysis-tools |
| Becoming an EVM smart contract auditor (cmichel.io guide) | cmichel-smart-contract-auditor-guide |
| Risk indicators, exposure %, address/tx screening templates | risk-exposure-screening-concepts |
| Structuring-like frequency, large transfers, transit / rapid movement | behavioral-risk-screening-concepts |
| Address tags/markers, CSV screening, blacklist vs whitelist UX | address-screening-workflow-concepts |
| Transaction hash screening, deposit/withdrawal direction, STR exports | transaction-screening-workflow-concepts |
| General OSINT tool discovery (non-chain) | bellingcat-investigation-toolkit |
| End-to-end on-chain forensics persona | on-chain-investigator-agent |
| Solana txs, ATAs, SPL | solana-tracing-specialist |
| Helius/Range/Tavily docs, MCP, graph UI (React Flow), x402 (PayAI), Solana policy institute | solana-onchain-intelligence-resources |
| Range MCP wallet investigation steps, sanctions, transfers | range-ai-investigation-playbook |
| Solana entity clustering / Jito / launchpads | solana-clustering-advanced |
| Cross-chain bridges and unified graphs | cross-chain-clustering-techniques-agent |
| Broad DeFi audit + rug/governance | defi-security-audit-agent |
| Admin takeover, blind signing, Solana durable nonces (mitigations) | defi-admin-takeover-mitigation-lessons |
| EVM Solidity contracts (Ethereum/L2) | evm-solidity-defi-triage-agent |
| Solana programs (Anchor, PDAs, CPIs) | solana-defi-vulnerability-analyst-agent |
| Sealevel Attacks repo (Solana exploit pattern examples) | sealevel-attacks-solana |
| Neodyme Solana Security Workshop (workshop.neodyme.io) | neodyme-solana-security-workshop |
| Osec “Solana: An Auditor’s Introduction” (runtime primer) | osec-solana-auditor-introduction |
@armaniferrante X post | armaniferrante-x-status-solana-reference |
| Honeypot / sell restrictions | honeypot-detection-techniques |
| Launch rug red flags | rug-pull-pattern-detection-agent |
| Flash-loan incidents | flash-loan-exploit-investigator-agent |
| Sandwich MEV post-mortems | sandwich-attack-investigator-agent |
| MEV infrastructure / searchers | mev-bot-infrastructure-analysis-agent |
| MEV + rug overlap hypotheses | mev-bot-rug-coordination-investigator-agent |
| Web crawling | katana-web-crawling |
| Classic AFL / lcamtuf fuzzing docs (C/C++ coverage-guided) | lcamtuf-afl-documentation |
| Agent Skills spec / SKILL.md format / agentskills.io | agentskills-specification |
| Scrapy/Python on-chain datasets, transfer subgraphs (BlockchainSpider) | blockchain-spider-toolkit |
| MoTS / KYT transaction semantics, WWW 2023 paper reproduction | mots-transaction-semantics |
| Impersonator (EVM/Solana dApp connect as any address, dev/testing) | impersonator-dapp-devtools |
When in doubt, load on-chain-investigator-agent or this index.
| 如果用户询问的是… | 从这里开始 |
|---|---|
| 犯罪类型、伦理规范、报告流程、中心化交易所/稳定币限制 | crypto-investigation-compliance |
| Phalcon Compliance产品文档URL | phalcon-compliance-documentation |
Chainalysis制裁API / 公共预言机、 | chainalysis-sanctions-screening |
| FATF反洗钱/反恐怖融资术语表(CDD、STR、PEP等) | fatf-glossary-reference |
| Arkham“顶级加密分析工具”研究 / 交易者工具生态 | arkham-leading-crypto-analysis-tools |
| 成为EVM智能合约审计师(cmichel.io指南) | cmichel-smart-contract-auditor-guide |
| 风险指标、敞口占比、地址/交易筛查模板 | risk-exposure-screening-concepts |
| 结构化交易频率、大额转账、中转/快速转移 | behavioral-risk-screening-concepts |
| 地址标签/标记、CSV筛查、黑白名单交互逻辑 | address-screening-workflow-concepts |
| 交易哈希筛查、存提方向、STR导出 | transaction-screening-workflow-concepts |
| 通用开源情报工具探索(非链上) | bellingcat-investigation-toolkit |
| 端到端链上取证角色 | on-chain-investigator-agent |
| Solana交易、ATA、SPL | solana-tracing-specialist |
| Helius/Range/Tavily文档、MCP、图形UI(React Flow)、x402(PayAI)、Solana政策研究所 | solana-onchain-intelligence-resources |
| Range MCP钱包调查步骤、制裁、转账 | range-ai-investigation-playbook |
| Solana实体聚类 / Jito / launchpad | solana-clustering-advanced |
| 跨链桥与统一图谱 | cross-chain-clustering-techniques-agent |
| 广义DeFi审计 + 跑路/治理 | defi-security-audit-agent |
| 管理员接管、盲签、Solana持久化随机数(缓解方案) | defi-admin-takeover-mitigation-lessons |
| EVM Solidity合约(以太坊/L2) | evm-solidity-defi-triage-agent |
| Solana程序(Anchor、PDA、CPI) | solana-defi-vulnerability-analyst-agent |
| Sealevel Attacks仓库(Solana漏洞模式示例) | sealevel-attacks-solana |
| Neodyme Solana安全研讨会(workshop.neodyme.io) | neodyme-solana-security-workshop |
| Osec《Solana:审计师入门》(运行时基础) | osec-solana-auditor-introduction |
@armaniferrante的X帖子 | armaniferrante-x-status-solana-reference |
| 蜜罐 / 售卖限制 | honeypot-detection-techniques |
| 项目跑路预警信号 | rug-pull-pattern-detection-agent |
| 闪电贷事件 | flash-loan-exploit-investigator-agent |
| 三明治MEV事后分析 | sandwich-attack-investigator-agent |
| MEV基础设施 / 搜索者 | mev-bot-infrastructure-analysis-agent |
| MEV + 跑路关联假设 | mev-bot-rug-coordination-investigator-agent |
| 网络爬虫 | katana-web-crawling |
| 经典AFL / lcamtuf模糊测试文档(C/C++覆盖率引导) | lcamtuf-afl-documentation |
| Agent Skills规范 / SKILL.md格式 / agentskills.io | agentskills-specification |
| Scrapy/Python链上数据集、转账子图(BlockchainSpider) | blockchain-spider-toolkit |
| MoTS / KYT交易语义、WWW 2023论文复现 | mots-transaction-semantics |
| Impersonator(EVM/Solana dApp模拟任意地址连接,开发/测试用) | impersonator-dapp-devtools |
不确定时,加载on-chain-investigator-agent或本索引。
Skills in this bundle
套件内包含的技能
| Skill | Use when |
|---|---|
| blockchain-intelligence-playbook | This index — routing when multiple domains apply |
| blockchain-intelligence-fundamentals | What BI is, tool categories (explorers, tracers, etc.), payment rails vs crypto rails |
| address-clustering-attribution | Wallet clustering (UTXO CIH, EVM deposit sweeps), entities/labels/tags, peel/taint concepts, attribution limits |
| cross-chain-clustering-techniques-agent | Multi-chain clustering: bridges, wrapped assets, unified graphs, timing/behavior, confidence scoring |
| blockchain-analytics-operations | Analytics platforms, AML/forensic use cases, tracers/visualizers as product layers |
| blockchain-spider-toolkit | BlockchainSpider — Python/Scrapy dataset collection (EVM/Solana blocks/txs, transfer subgraphs); not web crawling |
| mots-transaction-semantics | MoTS — KYT / transaction semantic vectors & labels (research); upstream notes merge into BlockchainSpider |
| impersonator-dapp-devtools | Impersonator / Solana — WalletConnect-style address presentation for dApp UI testing (no key custody; ethics-heavy) |
| on-chain-research-tokenomics | Holdings/flows/TVL/whales, tokenomics (supply, vesting, utility) |
| crypto-investigation-compliance | Crime taxonomy, ethical OSINT + on-chain workflow, reporting posture |
| phalcon-compliance-documentation | Phalcon Compliance public documentation portal — compliance investigation / monitoring product docs (read live site for features) |
| chainalysis-sanctions-screening | Chainalysis public Sanctions API + EVM oracle — SDN-oriented address checks; live docs/Terms; optional repo |
| fatf-glossary-reference | FATF Glossary — official AML/CFT definitions; terminology alignment (not legal advice) |
| arkham-leading-crypto-analysis-tools | Arkham research — fundamental / technical / on-chain tool survey for traders (not investment advice) |
| cmichel-smart-contract-auditor-guide | cmichel.io — EVM auditor learning path, CTFs, canonical DeFi patterns, FAQ (2021 article; verify stale facts) |
| risk-exposure-screening-concepts | Risk exposure vocabulary: indicator taxonomies, exposure value/%, address vs transaction templates (entity, interaction, blacklist) — educational |
| behavioral-risk-screening-concepts | Behavioral patterns: large-value, high-frequency / structuring-like, transit addresses, rapid-transaction rules — educational |
| address-screening-workflow-concepts | Address inventory: tags vs markers, CSV bulk import, list/detail pages, audit/alert views, blacklist/whitelist semantics — educational |
| transaction-screening-workflow-concepts | Transaction screening: transfer as unit, deposit/withdrawal direction, CSV import, list/detail, rescreen, STR-style export patterns — educational |
| bellingcat-investigation-toolkit | Bellingcat OSINT toolkit: GitBook + GitHub catalog for general investigation tool discovery |
| crypto-market-structures | Max pain, covered-call ETFs, arbitrage, bull/bear flags (non-prescriptive) |
| on-chain-investigator-agent | End-to-end forensic investigator persona: tracing, contracts, scam heuristics, evidence reports, ethics |
| solana-tracing-specialist | Solana-only forensics: ATAs, SPL flows, RPC/indexer patterns, Jito/DEX inner ix, evidence packs |
| solana-onchain-intelligence-resources | Resource router for Solana intel stacks: Helius, Range MCP, Tavily, PayAI x402, React Flow, Solana Foundation skills ( |
| range-ai-investigation-playbook | Range AI MCP investigation workflow: risk triage, sanctions, connections, transfers, funding source, entities, cross-chain pivot + one-shot prompt |
| solana-clustering-advanced | Solana entity clustering: graphs, Jito/launchpad heuristics, PDAs, ML validation, confidence scoring |
| solana-clustering-case-study-agent | Solana clustering → case studies: narrative, visuals, CSV/query exports, thread or long-form |
| defi-security-audit-agent | DeFi security / rug-risk triage: contracts, liquidity, governance, bridges, severity reports from public data |
| defi-admin-takeover-mitigation-lessons | Privileged access failures—signer hygiene, Solana durable nonces, oracle/collateral abuse, monitoring—using Chainalysis Drift analysis as case anchor |
| evm-solidity-defi-triage-agent | EVM Solidity DeFi triage: proxies, oracles, reentrancy, access control (Ethereum / L2) |
| honeypot-detection-techniques | Honeypot-style risk: EVM/SPL patterns, static review, fork sim, observational heuristics |
| rug-pull-pattern-detection-agent | Launch rug-risk: liquidity locks/removal, dev/sniper clusters, contract authorities, tiered scores |
| mev-bot-rug-coordination-investigator-agent | MEV + rug overlap: bundle/block co-occurrence, timing, joint flows, confidence-scored hypotheses |
| flash-loan-exploit-investigator-agent | Flash-loan / atomic exploit post-mortems (EVM + Solana): traces, impact, evidence packs, mitigations |
| sandwich-attack-investigator-agent | Sandwich / DEX MEV post-mortems: same-block or bundle ordering, victim vs searcher metrics, mitigations |
| mev-bot-infrastructure-analysis-agent | MEV infrastructure: searchers, bundles/builders/relays, strategies, profit paths, centralization metrics (public data) |
| solana-defi-vulnerability-analyst-agent | Solana DeFi program risks: Anchor/PDAs/CPIs, oracles, pools, SPL, safe repro / severity reporting |
| sealevel-attacks-solana | sealevel-attacks — Anchor-based exploit / mitigation pattern examples for the Solana VM (educational; defensive use) |
| neodyme-solana-security-workshop | workshop.neodyme.io / neodyme-breakpoint-workshop — Solana security levels, PoC framework, mdBook source (follow site legal notice) |
| osec-solana-auditor-introduction | Osec blog — auditor-oriented runtime intro (BPF, accounts, System Program; 2022; verify docs) |
| armaniferrante-x-status-solana-reference | @armaniferrante X post bookmark — open URL for verbatim text; not a spec |
| katana-web-crawling | ProjectDiscovery Katana install, crawl vs headless, scope, rate limits, pipelines |
| lcamtuf-afl-documentation | lcamtuf AFL — American Fuzzy Lop classic coverage-guided fuzzing docs (C/C++); compare AFL++ for current fork tooling |
| agentskills-specification | agentskills/agentskills — Agent Skills open format; llms.txt index → specification.md, integrate-skills.md |
| 技能 | 使用场景 |
|---|---|
| blockchain-intelligence-playbook | 本索引——涉及多个领域时用于路由 |
| blockchain-intelligence-fundamentals | 区块链智能的定义、工具类别(浏览器、追踪器等)、支付网络vs加密网络 |
| address-clustering-attribution | 钱包聚类(UTXO CIH、EVM存款归集)、实体/标签/标记、剥离/污染概念、归因限制 |
| cross-chain-clustering-techniques-agent | 多链聚类:跨链桥、封装资产、统一图谱、时间/行为特征、置信度评分 |
| blockchain-analytics-operations | 分析平台、反洗钱/取证用例、追踪器/可视化工具作为产品层 |
| blockchain-spider-toolkit | BlockchainSpider — Python/Scrapy数据集收集(EVM/Solana区块/交易、转账子图);非网络爬虫 |
| mots-transaction-semantics | MoTS — KYT / 交易语义向量与标签(研究);上游笔记整合至BlockchainSpider |
| impersonator-dapp-devtools | Impersonator / Solana版 — WalletConnect风格的地址展示工具,用于dAppUI测试(无密钥托管;需注重伦理) |
| on-chain-research-tokenomics | 持仓/流向/锁仓量/巨鲸、通证经济学(供应量、解锁机制、效用) |
| crypto-investigation-compliance | 犯罪分类、合规性开源情报+链上流程、报告规范 |
| phalcon-compliance-documentation | Phalcon Compliance公共文档门户——合规调查/监控产品文档(请访问官网获取最新功能) |
| chainalysis-sanctions-screening | Chainalysis公共制裁API + EVM预言机——面向SDN的地址核查;含实时文档/条款;可选仓库** |
| fatf-glossary-reference | FATF术语表 — 官方反洗钱/反恐怖融资定义;术语对齐(不构成法律建议) |
| arkham-leading-crypto-analysis-tools | Arkham研究 — 面向交易者的基本面/技术面/链上工具调研(不构成投资建议) |
| cmichel-smart-contract-auditor-guide | cmichel.io — EVM审计师学习路径、CTF比赛、经典DeFi模式、常见问题(2021年文章;请核实过时信息) |
| risk-exposure-screening-concepts | 风险敞口术语:指标分类、敞口价值/占比、地址vs交易模板(实体、交互、黑名单)——教育性内容 |
| behavioral-risk-screening-concepts | 行为模式:大额交易、高频/结构化交易、中转地址、快速交易规则——教育性内容 |
| address-screening-workflow-concepts | 地址管理:标签vs标记、CSV批量导入、列表/详情页、审计/告警视图、黑白名单语义——教育性内容 |
| transaction-screening-workflow-concepts | 交易筛查:以转账为单位、存提方向、CSV导入、列表/详情页、重新筛查、类STR导出模式——教育性内容 |
| bellingcat-investigation-toolkit | Bellingcat开源情报工具包:GitBook + GitHub目录,用于通用调查工具探索 |
| crypto-market-structures | 最大痛点、备兑看涨ETF、套利、多空信号(非指导性) |
| on-chain-investigator-agent | 端到端取证调查角色:追踪、合约、诈骗启发式规则、证据报告、伦理规范 |
| solana-tracing-specialist | 仅限Solana的取证:ATA、SPL流向、RPC/索引器模式、Jito/DEX内部指令、证据包 |
| solana-onchain-intelligence-resources | Solana智能技术栈资源路由:Helius、Range MCP、Tavily、PayAI x402、React Flow、Solana基金会技能( |
| range-ai-investigation-playbook | Range AI MCP调查流程:风险分级、制裁、关联关系、转账、资金来源、实体、跨链转向+一次性提示词 |
| solana-clustering-advanced | Solana实体聚类:图谱、Jito/launchpad启发式规则、PDA、机器学习验证、置信度评分 |
| solana-clustering-case-study-agent | Solana聚类→案例研究:叙事、可视化、CSV/查询导出、推文或长文 |
| defi-security-audit-agent | DeFi安全/跑路风险分级:合约、流动性、治理、跨链桥、基于公开数据的风险报告 |
| defi-admin-takeover-mitigation-lessons | 特权访问失败案例——签名者安全规范、Solana持久化随机数、预言机/抵押品滥用、监控——以Chainalysis Drift分析为案例 |
| evm-solidity-defi-triage-agent | EVM Solidity DeFi分级处理:代理合约、预言机、重入攻击、访问控制(以太坊/L2) |
| honeypot-detection-techniques | 蜜罐式风险:EVM/SPL模式、静态审查、分叉模拟、观测启发式规则 |
| rug-pull-pattern-detection-agent | 项目上线跑路风险:流动性锁定/移除、开发者/狙击手聚类、合约权限、分级评分 |
| mev-bot-rug-coordination-investigator-agent | MEV + 跑路关联:打包/区块共现、时间特征、联合流向、置信度评分假设 |
| flash-loan-exploit-investigator-agent | 闪电贷 / 原子漏洞事后分析(EVM + Solana):追踪、影响、证据包、缓解方案 |
| sandwich-attack-investigator-agent | 三明治 / DEXMEV事后分析:同区块或打包排序、受害者vs搜索者指标、缓解方案 |
| mev-bot-infrastructure-analysis-agent | MEV****基础设施:搜索者、打包者/构建者/中继、策略、盈利路径、中心化指标(公开数据) |
| solana-defi-vulnerability-analyst-agent | Solana DeFi程序风险:Anchor/PDA/CPI、预言机、资金池、SPL、安全复现/风险报告 |
| sealevel-attacks-solana | sealevel-attacks — 基于Anchor的漏洞/缓解模式示例,针对Solana虚拟机(教育性;防御用途) |
| neodyme-solana-security-workshop | workshop.neodyme.io / neodyme-breakpoint-workshop — Solana安全等级、PoC框架、mdBook源码(请遵循网站法律声明) |
| osec-solana-auditor-introduction | Osec博客 — 面向审计师的运行时入门(BPF、账户、系统程序;2022年发布;请核实文档) |
| armaniferrante-x-status-solana-reference | @armaniferrante的X帖子书签——打开URL查看原文;非规范文档 |
| katana-web-crawling | ProjectDiscovery Katana安装、爬虫vs无头模式、范围、速率限制、流水线 |
| lcamtuf-afl-documentation | lcamtuf AFL — American Fuzzy Lop经典覆盖率引导模糊测试文档(C/C++);可对比**AFL++**获取当前分支工具 |
| agentskills-specification | agentskills/agentskills — Agent Skills开放格式;llms.txt索引 → specification.md、integrate-skills.md |
Quality checklist (all domains)
质量检查清单(所有领域)
- Separate fact vs inference vs hypothesis
- Cite sources for claims about entities or legal outcomes
- Prefer primary docs for ETFs, sanctions, and filings
- For clustering/attribution, assume probabilistic outputs
When one subdomain clearly dominates the request, prefer loading that named skill directly instead of this index.
- 区分事实、推论与假设
- 针对实体或法律结果的声明需引用来源
- 优先使用ETF、制裁和备案文件的原始文档
- 对于聚类/归因,默认输出为概率性结果
当请求明显聚焦于某个子领域时,优先直接加载对应的指定技能,而非本索引。