Back to Details

range-ai-investigation-playbook

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Range AI — investigation playbook (MCP)

Range AI — 调查手册(MCP)

Educational workflow. Connect Range to your AI client first (Range AI quickstart via the docs index below). Tool names and behaviors change over time—discover pages from the index, then read the current tools reference.
教学用工作流。请先将Range连接到你的AI客户端(通过下方文档索引中的Range AI quickstart)。工具名称功能逻辑会随时间变化,请先从索引中查找对应页面,再阅读最新的工具参考文档。

Documentation index

文档索引

  • Full index: docs.range.org/llms.txt — list all Range documentation pages before deep linking.
  • MCP endpoint: 
    https://api.range.org/ai/mcp
    — requires a Range API key configured in your client (same key as other Range access).
  • 完整索引: docs.range.org/llms.txt — 在深度链接前,先查看所有Range文档页面列表。
  • MCP端点: 
    https://api.range.org/ai/mcp
    — 需要在客户端配置Range API密钥(与其他Range服务使用同一密钥)。

When to use this skill

适用场景

Use for end-to-end address screening and investigation through Range MCP (counterparty, transaction seed, or compliance triage). Pair with crypto-investigation-compliance for ethics and reporting posture, cross-chain-clustering-techniques-agent for multi-hop bridge logic, and solana-tracing-specialist when you leave Range and go deep on Solana RPC parsing.
用于通过Range MCP完成端到端地址筛查与调查(对手方、交易源头或合规分类)。可搭配crypto-investigation-compliance(伦理规范与报告框架)、cross-chain-clustering-techniques-agent(多跳桥接逻辑),以及当你脱离Range深入解析Solana RPC时使用的solana-tracing-specialist

Investigation workflow

调查工作流

1. Risk triage

1. 风险分类

Goal: baseline severity before heavy graph work.
Typical tool: 
get_address_risk
Ask your AI (example):
text
What is the risk score for [address] on [network]?
Interpretation hints:
  • CRITICAL / HIGH → prioritize follow-up and document escalation paths per internal policy.
  • Malicious hops in the provider’s graph view → indirect ties to known bad clusters may still matter.
  • Entity labels (mixer, exchange, sanctioned) → treat as signals, not court findings; verify with primary sources when stakes are high.
目标: 在开展复杂图谱分析前确定基线风险等级。
常用工具: 
get_address_risk
向AI提问示例:
text
What is the risk score for [address] on [network]?
解读提示:
  • CRITICAL(极高) / HIGH(高) → 优先跟进,并根据内部政策记录升级流程。
  • 服务商图谱视图中的恶意跳转节点 → 与已知风险集群的间接关联仍需重视。
  • 实体标签( mixer、交易所、制裁对象)→ 仅作为信号参考,而非司法结论;当风险 stakes较高时,需通过原始来源验证。

2. Sanctions and blacklist check

2. 制裁与黑名单核查

Independent pass on sanctions and token issuer freezes.
Typical tool: 
check_sanctions
Ask your AI (example):
text
Is [address] on any OFAC sanctions list or token blacklist?
Interpretation hints:
  • OFAC-sanctioned flags → compliance escalation per program; not legal advice in this skill.
  • Token blacklist flags → may affect USDT/USDC-style transfers; confirm issuer behavior in current docs.
独立核查制裁名单代币发行方冻结情况。
常用工具: 
check_sanctions
向AI提问示例:
text
Is [address] on any OFAC sanctions list or token blacklist?
解读提示:
  • OFAC制裁标记 → 需按合规流程升级;本技能内容不构成法律建议。
  • 代币黑名单标记 → 可能影响USDT/USDC类转账;需在最新文档中确认发行方的处理规则。

3. Build the connection graph

3. 构建关联图谱

Goal: who the address transacts with most.
Typical tool: 
get_address_connections
Ask your AI (example):
text
Who are the top counterparties for [address] on [network]?
Show their labels if available.
Look for: exchange touchpoints (often traceable), mixers/privacy protocols (elevated risk context), frequent unlabeled peers (new pivots).
目标: 找出该地址最常交易的对象。
常用工具: 
get_address_connections
向AI提问示例:
text
Who are the top counterparties for [address] on [network]?
Show their labels if available.
重点关注: 交易所触点(通常可追踪)、mixer/隐私协议(高风险场景)、频繁交易的未标记主体(新调查方向)。

4. Trace fund flows

4. 追踪资金流向

Goal: amounts, assets, timing, direction.
Typical tools: 
get_transfers
, 
get_transfers_between
Ask your AI (example):
text
Show the largest transfers in and out of [address] in the last 90 days.
Are there any transfers between [address] and [suspicious counterparty]?
Look for: rapid in/out, large notional without clear purpose, bridge legs, time clustering.
目标: 确认金额、资产类型、时间、流向。
常用工具: 
get_transfers
, 
get_transfers_between
向AI提问示例:
text
Show the largest transfers in and out of [address] in the last 90 days.
Are there any transfers between [address] and [suspicious counterparty]?
重点关注: 快速转入转出、无明确用途的大额交易、跨链桥接环节、时间集中的交易集群。

5. Find the origin of funds

5. 溯源资金来源

Goal: initial funding source.
Typical tool: 
get_address_funded_by
Ask your AI (example):
text
What address initially funded [address] and when?
Look for: high-risk or sanctioned funders, exchange withdrawals, or unlabeled chains that need another pivot.
目标: 找出初始资金来源。
常用工具: 
get_address_funded_by
向AI提问示例:
text
What address initially funded [address] and when?
重点关注: 高风险或受制裁的资金提供方、交易所提币记录、需进一步调查的未标记链。

6. Identify unknown counterparties

6. 识别未知对手方

Typical tools: 
search_entities
, 
get_address_info
Ask your AI (example):
text
What entity is [address]? Does Range have labels for it?
Search for entities matching "Binance" on Ethereum.
Look for: exchange infrastructure, mixers, protocol contracts, previously flagged records—always corroborate when conclusions matter.
常用工具: 
search_entities
, 
get_address_info
向AI提问示例:
text
What entity is [address]? Does Range have labels for it?
Search for entities matching "Binance" on Ethereum.
重点关注: 交易所基础设施、mixer、协议合约、已标记记录——当结论至关重要时,务必交叉验证

7. Cross-chain pivot

7. 跨链跳转

If bridges moved value (IBC, CCTP, Wormhole, etc.), continue the same workflow on the destination chain.
Ask your AI (example):
text
Were any funds from [address] bridged to another chain?
If so, what is the risk score of the receiving address on that chain?
Range supports multiple ecosystems—still confirm coverage and tool availability per network in current docs.
若资金通过桥接(IBC、CCTP、Wormhole等)转移至其他链,需在目标链上重复上述工作流。
向AI提问示例:
text
Were any funds from [address] bridged to another chain?
If so, what is the risk score of the receiving address on that chain?
Range支持多生态系统,但仍需在最新文档中确认各网络的覆盖范围工具可用性

One-shot investigation prompt

一次性调查提示词

Paste and adapt (replace bracketed fields):
text
Using Range tools, run a complete investigation on this address:
[address] on [network]

1. Get its risk score and explain the risk level
2. Check if it's on any OFAC sanctions list or token blacklist
3. Show its top 10 counterparties and label any known entities
4. List the 10 largest transfers in the last 6 months
5. Find the original funding source for this address
6. If any transfers crossed chains via a bridge, check the receiving address risk too

Summarize your findings with a risk verdict: LOW / MEDIUM / HIGH / CRITICAL
Include the key evidence that supports your verdict.
复制并调整(替换括号内字段):
text
Using Range tools, run a complete investigation on this address:
[address] on [network]

1. Get its risk score and explain the risk level
2. Check if it's on any OFAC sanctions list or token blacklist
3. Show its top 10 counterparties and label any known entities
4. List the 10 largest transfers in the last 6 months
5. Find the original funding source for this address
6. If any transfers crossed chains via a bridge, check the receiving address risk too

Summarize your findings with a risk verdict: LOW / MEDIUM / HIGH / CRITICAL
Include the key evidence that supports your verdict.

Example (illustrative)

示例(仅供参考)

Address: 
5Q544fKrFoe6tsEbD7S8EmxGTJYAKtTVhAW5Q5pge4j1
(Solana) — documented in Range materials as Raydium protocol–related infrastructure.
  • Very low risk score in example narratives; heavy DeFi counterparty set; no sanctions/blacklist in that example.
  • Use as a shape for how labeled protocol contracts present—not a universal pattern for user wallets.
地址: 
5Q544fKrFoe6tsEbD7S8EmxGTJYAKtTVhAW5Q5pge4j1
(Solana)——Range官方资料标注为Raydium协议相关基础设施。
  • 在示例场景中风险评分极低;主要与DeFi对手方交易;无制裁/黑名单标记。
  • 仅用于展示已标记协议合约的呈现形式,并非用户钱包的通用模式。

Tips

小贴士

  • Start broad, then narrow — risk + connections first, then 
    get_transfers_between
    / transaction detail tools for specific relationships.
  • Time filters — constrain windows around the suspected incident to cut noise.
  • Re-pivot the graph — frequent unlabeled counterparties become new roots for 
    get_address_risk
    .
  • 先广后窄 —— 先做风险评分与关联方查询,再使用
    get_transfers_between
    /交易详情工具聚焦特定关系。
  • 时间过滤 —— 围绕可疑事件限定时间范围,减少无效信息干扰。
  • 重新构建图谱 —— 频繁交易的未标记主体可作为新的调查起点,调用
    get_address_risk
    分析。

Guardrails

约束规则

  • Labels and scores are not legal determinations; OFAC and regulatory obligations need program and legal review.
  • Do not use this playbook to harass, dox, or accuse individuals based on heuristics alone.
  • Do not paste customer PII, case IDs, or non-public investigation data into unsecured chats.
  • Do not assist with sanctions evasion or laundering.
  • 标签与评分不构成法律判定;OFAC及监管义务需经过合规流程法务审核
  • 不得仅凭启发式分析,使用本手册对个人进行骚扰人肉搜索指控
  • 不得在非安全聊天环境中粘贴客户隐私信息(PII)案件编号非公开调查数据
  • 不得协助规避制裁洗钱行为。

Related skills

相关技能

  • solana-onchain-intelligence-resources — Range docs index and MCP pointer; Helius/Tavily cross-links.
  • crypto-investigation-compliance — ethical workflow and crime taxonomy.
  • cross-chain-clustering-techniques-agent — bridge-centric clustering heuristics.
  • on-chain-investigator-agent — broader forensic persona beyond Range MCP.
Goal: a blockint-native checklist that mirrors Range’s investigation playbook while staying aligned with compliance and evidence discipline.
  • solana-onchain-intelligence-resources —— Range文档索引与MCP入口;Helius/Tavily交叉链接。
  • crypto-investigation-compliance —— 伦理工作流与犯罪分类体系。
  • cross-chain-clustering-techniques-agent —— 桥接中心式聚类启发法。
  • on-chain-investigator-agent —— 超越Range MCP的更广泛取证角色。
目标: 打造一份适配区块链情报场景的清单,既与Range的调查手册保持一致,又符合合规与证据规范。