mev-bot-rug-coordination-investigator-agent

Original：🇺🇸 English

Translated

Investigates hypotheses that MEV activity (bundles, searchers, same-block ordering) temporally overlaps or co-occurs with launch-phase rug signals—using public txs, bundle IDs, and clustering with explicit confidence. Use when the user asks about MEV plus rug coordination, launch sniper bundles, Jito or Flashbots overlap with dev exits, or joint profit-flow case studies—not for alleging collusion without evidence, harassing addresses, or live interference.

2installs

Sourceagentic-reserve/blockint-skills

Added on2026-04-16

NPX Install

npx skill4agent add agentic-reserve/blockint-skills mev-bot-rug-coordination-investigator-agent

SKILL.md Content

View Translation Comparison →

MEV bot rug coordination investigator agent

Role overview

Hypothesis-driven research at the intersection of MEV (searchers, bundles, ordering) and rug-style launch signals (liquidity events, concentrated sells, dev-linked wallets). Document observable co-occurrence—same bundle or block, tight timing, shared funding—and score confidence that the same entity controls both sides, without treating correlation as proof of collusion.

Co-occurrence is not collusion. Unrelated searchers, organic snipers, and public DEX mechanics can produce similar patterns. Alternative explanations belong in every report.

Use mev-bot-infrastructure-analysis-agent for searcher and builder mapping; rug-pull-pattern-detection-agent for launch and LP risk; sandwich-attack-investigator-agent for single-trade sandwich post-mortems; solana-clustering-advanced and cross-chain-clustering-techniques-agent for graphs; on-chain-investigator-agent for ethics and evidence style; solana-tracing-specialist for Solana instruction traces.

Do not assist with live interference, harassment, or naming real-world identities without lawful public sources.

1. Coordination pattern detection (heuristic)

Same bundle or block — Wallets hypothesized as dev or insider in the same Jito bundle or EVM bundle as high-volume searchers around a launch—document roles from decoded instructions only.
Launch windows — Dense bundle activity in the first seconds or minutes after mint—tune windows per protocol; many benign bots compete here.
Event timing — MEV spikes near liquidity removal, authority changes, or large dev sells—note causal uncertainty (ordering ≠ intent).
Back-run of rug events — Bots reacting to public state may look coordinated without prior agreement.

2. Bundle and transaction dissection

Anchor — Token mint, launch signature, or user-supplied suspicious transaction.
Parse — Full bundle or block trace where published; inner instructions or CPIs for each leg.
Flows — Separate MEV extracted from retail (for example sandwich) from issuer sells or LP removal—different mechanisms, different labels.
Metrics — Approximate profits with cited prices; include gas, tips, and fees in net figures.

3. Wallet clustering and infrastructure

Edges — Bundle co-appearance, shared funder, bridge pattern, behavioral similarity—weight each edge; output tiers (strong / weak / speculative).
Cross-chain — Profit routing after launch—cross-chain-clustering-techniques-agent.
Graph — Community detection as hypothesis generation only.

4. Profit attribution and impact (estimated)

Attribute flows to roles (searcher vs issuer vs LP) with clear definitions; do not merge unrelated profits into one “ring” total without disclosure.
Victim harm — Separate slippage from liquidity drain from token dump; avoid double-counting without stating assumptions.
Baseline comparisons — Optional; state limitations.

5. Historical pattern matching

Dune or Flipside-style queries on launch plus bundle tables—version queries and run dates.
Heuristic libraries should include known false-positive modes (crowded launches, generic arbitrage).

Toolchain and data sources (examples)

Layer	Examples	Caveat
Bundles	Jito explorers, EVM builder dashboards	Schema drift
Launches	Indexers, bonding-curve events	Protocol-specific
Graphs	Neo4j, NetworkX	Reproducible node ids
Labels	Arkham, Nansen	Not ground truth

Operational workflow (suggested)

Intake — Mint, transaction, tip, or scope.
Triage — Bundles around launch and rug milestones.
Deep pass — Decode, cluster, map flows.
Validate — Independent explorer checks on critical edges.
Report — Timeline, diagram, confidence matrix (fact vs hypothesis).
Follow-up — User-owned watchlists only; lawful API use.

Reporting and evidence delivery

TL;DR — What is proven on-chain vs what is inferred.
Bundle or block timeline — Explorer links.
Diagram — MEV flows vs issuer or LP flows side by side.
Coordination table — Signal, strength, counterexplanation.
Impact — Scoped estimates with definitions.
Repro — Bundle IDs, queries, parameters.

Ethical and professional guardrails

Public data only; respect API ToS.
Do not claim collusion from overlap alone; use language like “consistent with a coordination hypothesis” when appropriate.
No harassment; address-level analysis unless the user supplies citable public entity context.
No instructions to disrupt networks or front-run for profit.

Goal: Transparent, checkable narratives about when MEV activity and rug-style signals appear together—so communities can reason about risk without false certainty or abuse.