Security & Fraud Agents
Nine Claude Code subagents for fraud detection, rug pull screening, Sybil detection, wallet auditing, AML scoring, reputation scoring, compliance screening, and real-time transaction monitoring.
Security & Fraud Agents¶
Nine agents covering the full spectrum of blockchain security - from instant fraud scoring to batch Sybil detection, multi-signal wallet audits, and real-time transaction monitoring.
Setup required: For AI Agents - MCP registration and agent installation.
chainaware-fraud-detector¶
Role: Real-time fraud risk assessor for individual wallet addresses.
What it does: Calls predictive_fraud for a given wallet address and returns a structured fraud risk assessment. Classifies the result as low, medium, or high risk with an explanation of contributing signals. Suitable as a first-pass filter before any transaction or onboarding decision.
Tools used: predictive_fraud
Model: Claude Haiku 4.5 (fast, cost-efficient)
Example invocation:
@chainaware-fraud-detector Assess the fraud risk for wallet 0xABC...123
Output includes:
- Fraud risk score (0.0-1.0)
- Risk classification (low / medium / high)
- Key signals driving the score
- Recommended action
chainaware-rug-pull-detector¶
Role: Token rug pull risk assessor combining token-level and deployer-level signals.
What it does: Takes a token contract address and assesses rug pull probability by calling both predictive_rug_pull (token-level signals) and predictive_fraud (deployer wallet signals). Synthesises both scores into a combined risk verdict with specific red flags highlighted.
Tools used: predictive_rug_pull, predictive_fraud
Model: Claude Haiku 4.5
Example invocation:
@chainaware-rug-pull-detector Is token 0xTOKEN...456 a rug pull risk?
Output includes:
- Token rug pull probability score
- Deployer fraud risk score
- Combined risk verdict
- Specific red flags (liquidity, holder concentration, deployer history)
- Invest / avoid recommendation
chainaware-wallet-auditor¶
Role: Comprehensive wallet risk audit combining fraud, behaviour, and token exposure.
What it does: The most thorough single-wallet agent. Runs predictive_fraud, predictive_behaviour, and predictive_rug_pull (on held tokens where relevant) to produce a full wallet audit report. Suitable for high-stakes decisions: lending approvals, large withdrawals, VIP onboarding.
Tools used: predictive_behaviour
Model: Claude Haiku 4.5
Example invocation:
@chainaware-wallet-auditor Run a full audit on wallet 0xWALLET...789
Output includes:
- Overall risk rating (1-10 scale)
- Fraud risk assessment
- Behavioural profile summary (DeFi activity, trading patterns, wallet age)
- Token exposure risks
- Detailed findings and recommendations
chainaware-trust-scorer¶
Role: Assigns a human-readable trust score to a wallet for display in dApps and dashboards.
What it does: Calls predictive_fraud and converts the raw score into a trust tier (Trusted / Caution / Risky / Blocked) with a short label suitable for UI display. Designed for integration into wallet connection flows and user profiles.
Tools used: predictive_fraud
Model: Claude Haiku 4.5
Example invocation:
@chainaware-trust-scorer What trust tier is wallet 0xUSER...321?
Output includes:
- Trust tier (Trusted / Caution / Risky / Blocked)
- Trust score (0-100)
- One-line display label for UI
- Whether to allow, warn, or block the user
chainaware-aml-scorer¶
Role: AML (Anti-Money Laundering) risk screener for regulatory compliance workflows.
What it does: Scores a wallet for AML risk using predictive_fraud signals, then maps the result to AML risk categories consistent with FATF guidance (low / medium / high / very high). Produces a compliance-ready risk assessment with audit trail language.
Tools used: predictive_fraud
Model: Claude Haiku 4.5
Example invocation:
@chainaware-aml-scorer Run an AML risk screen on wallet 0xCOUNTERPARTY...654
Output includes:
- AML risk category (Low / Medium / High / Very High)
- Fraud signals mapped to AML risk factors
- Recommended due diligence level (simplified / standard / enhanced)
- Compliance-ready summary paragraph
chainaware-reputation-scorer¶
Role: On-chain reputation scoring based on behavioural patterns, not just fraud signals.
What it does: Combines predictive_behaviour (engagement patterns, DeFi history, wallet age, activity diversity) with predictive_fraud (negative signals) to produce a positive reputation score. Useful for rewarding good actors: airdrop eligibility, loyalty tiers, governance weighting.
Tools used: predictive_behaviour
Model: Claude Haiku 4.5
Example invocation:
@chainaware-reputation-scorer Score the on-chain reputation of wallet 0xPOWER...USER
Output includes:
- Reputation score (0-100)
- Reputation tier (Bronze / Silver / Gold / Platinum)
- Positive behavioural signals (DeFi participation, tenure, diversity)
- Negative signals (fraud risk deductions)
- Recommended reward or access tier
chainaware-compliance-screener¶
Role: Orchestrates multi-step compliance screening for regulated entities.
What it does: Uses Claude's agent capability to run a structured compliance screening workflow across multiple wallets or a single wallet with multiple checks. Calls predictive_fraud and organises results into a compliance report format suitable for submission or audit. Can screen batches of wallets when given a list.
Tools used: Agent, predictive_fraud, predictive_rug_pull, predictive_fraud_batch, check_job_status, get_job_results
Model: Claude Haiku 4.5
Example invocation:
@chainaware-compliance-screener Screen these wallets for compliance: 0xA..., 0xB..., 0xC...
Output includes:
- Per-wallet risk classification
- Aggregate screening summary
- Pass / Review / Reject recommendation per wallet
- Compliance report formatted for record-keeping
chainaware-transaction-monitor¶
Role: Real-time transaction risk monitor that evaluates sender, receiver, and token simultaneously.
What it does: Given a pending transaction (sender address, receiver address, token address), runs predictive_fraud on both parties and predictive_rug_pull on the token, then synthesises all three signals into a transaction-level risk verdict. Designed to be called at transaction submission time in DeFi protocols and exchanges.
Tools used: predictive_fraud, predictive_rug_pull, predictive_behaviour
Model: Claude Haiku 4.5
Example invocation:
@chainaware-transaction-monitor Monitor this transaction: sender 0xSENDER, receiver 0xRECV, token 0xTOKEN
Output includes:
- Sender fraud risk
- Receiver fraud risk
- Token rug pull risk
- Combined transaction risk score
- Allow / Flag / Block recommendation
- Reason for any flag or block
chainaware-sybil-detector¶
Role: Batch-screens wallet lists for Sybil attacks, coordinated wallet farms, and proxy voting fraud.
What it does: Takes a list of wallet addresses and applies four pattern detection rules across the full set to identify coordinated Sybil operations. Detects wallet farms (wallets with matching experience scores created in the same period), fraud concentration (20%+ of wallets with elevated fraud probability), new wallet surges (30%+ with minimal on-chain history), and uniform risk profiles (60%+ sharing identical behavioural categories). Each wallet receives an ELIGIBLE / REVIEW / EXCLUDE classification.
Tools used: predictive_behaviour, predictive_fraud
Model: Claude Haiku 4.5
Example invocation:
@chainaware-sybil-detector Screen these wallets for Sybil activity before the airdrop: [0xA, 0xB, 0xC, 0xD]
Output includes:
- Per-wallet classification (ELIGIBLE / REVIEW / EXCLUDE)
- Fraud probability per wallet
- Cluster analysis flags (coordinated creation patterns, matching behavioural profiles)
- Sybil risk summary: % flagged per detection rule
- Cleaned eligible list ready for use
Further Reading¶
- Web3 Fraud Detection for DApps in 2026
- ChainAware's 32 Claude Sub-Agents - Fraud Tech and Growth Tech
These agents are a starting point. ChainAware's full Transaction Monitoring product includes dashboard, webhooks, and real-time alerting.
Talk to the Team → ← Back to All Agents