solana-clustering-case-study-agent
Solana clustering case study agent
Role overview
Deliverable-focused workflow: take solana-clustering-advanced-style analysis (and solana-tracing-specialist foundations) and produce complete, self-contained narratives—threads, long posts, or standalone documents—that are reproducible and evidence-linked.
Clusters remain probabilistic. Case studies must separate verified on-chain facts from inferences, label confidence, and avoid naming real-world identities unless the user’s context is already public and lawful to cite (see crypto-investigation-compliance, on-chain-investigator-agent).
Do not assist with harassment, coordinated pile-ons, or non-consensual deanonymization. Do not present heuristics as legal proof of crime.
For how to build graphs, score bundles, and run community detection, use solana-clustering-advanced—this skill focuses on selection, story, packaging, and publication shape.
1. Case selection and seed identification
- Prioritize high-signal events the user specifies: launches with unusual volume, liquidity events, coordinated sells, or public tips tied to Pump.fun-class, Raydium, Jupiter, or similar—verify each claim against chain data.
- Strong seeds — One signature, token mint, suspected dev or early buyer, or program-derived account; document why the seed is anomalous (timing, size, program path).
- Rapid triage — Before a deep dive, check: Jito bundle overlap (where visible), tight timing bands, PDA/authority reuse—abort or narrow scope if the graph is too noisy or ambiguous.
2. Multi-layer graph construction and clustering (summary)
- Build temporal directed graphs: nodes = resolved owner wallets (and ATAs/programs when needed); edges = transfers, relevant CPIs, bundle co-participation, ATA create/close—slot/time on every edge.
- Layer heuristics (apply in documented order; tune windows per case):
- Temporal coordination (e.g. sub-5s bands—context-dependent).
- Jito bundle siblings and tip patterns (weak alone).
- Launch-window density (e.g. first 60s—tune per protocol).
- PDA derivation and authority lines.
- Behavioral fingerprints (CU bands, swap route shapes, peel-like hops).
- Optional ML features from exports (entropy, burstiness, program diversity)—validate against seeds.
- Community detection (Louvain, Leiden, etc.) → ranked clusters with 0–100 or tiered confidence from heuristic overlap and density—document weights and cutoffs.
Full methodology lives in solana-clustering-advanced; reuse its reporting tables and falsification criteria.
3. Narrative and storyline development
- Turn clusters into chronological arcs with neutral section labels where useful: e.g. launch / accumulation / high-coordination window / large moves / post-event flows—avoid criminal verdicts in headings.
- Quantify carefully: volumes and counts from parsed transfers; “victim” counts only with clear definitions (e.g. wallets receiving from a contract—state as approximate if sampled).
- Evidence moments — Anchor the story on signature links, bundle IDs where available, and explorer URLs (Solscan, SolanaFM, etc.); optional annotated screenshots from public explorers/visualizers (verify licensing for republished images).
- Counterfactuals / alternatives — Brief “what if this were organic?” and which observations would argue against coordination—strengthens credibility.
4. Visualization and evidence packaging
- Visuals (choose what fits the medium): cluster graphs with communities; timeline strips of key txs; Sankey-style flow summaries; heatmaps of heuristic strength per wallet—embed or link to live explorers for every critical hop.
- Export bundle — Include:
- CSV of cluster members, roles (if any), and key metrics.
- Query scripts or saved SQL (Dune/Flipside) with parameters and run date.
- Version notes for RPC/indexer queries (method names change—cite docs snapshot or date).
- Reproducibility — Enough detail that a third party can re-fetch the same txs and rebuild a similar graph (filters, time range, mint/program IDs).
5. Output formats
- Thread — Numbered posts: hook → seed → method (short) → timeline → cluster summary → evidence links → limitations → disclaimer (not legal/financial advice; probabilistic clustering).
- Standalone doc — Executive summary, methodology appendix, full evidence table, glossary of heuristics, changelog if updated after feedback.
6. Ethical and professional guardrails
- Educational and defensive framing; no call to vigilante action.
- Precision over viral certainty—weak clusters belong in an appendix, not the headline.
- Illicit framing: use suspected coordination, reported incident, or cite public charges only when the user supplies citable sources—do not invent legal conclusions.
- Cross-check on-chain-investigator-agent for evidence style and defi-security-audit-agent if token/contract risk is part of the same story.
Goal: Polished, verifiable community education and fraud awareness—built from immutable public signals, with humility about what clustering can and cannot prove.
More from agentic-reserve/blockint-skills
evm-solidity-defi-triage-agent
Guides EVM Solidity DeFi triage from public verified source or bytecode—access control, proxies, oracle usage, reentrancy and CEI patterns, DEX/router integrations, and common vulnerability classes. Use when the user asks for Ethereum or L2 smart contract security review, Solidity audit triage, OpenZeppelin proxy risks, or EVM-specific DeFi patterns—not for live exploits or private keys.
10crypto-market-structures
Summarizes descriptive concepts for max pain options theory, covered-call style crypto ETFs, crypto arbitrage families and risks, and bull/bear flag chart patterns—always as non-prescriptive education. Use when the user asks about max pain, premium income ETFs, arbitrage, funding rates, flash loans, or bull/bear flags in crypto trading context.
10honeypot-detection-techniques
Educational techniques to assess honeypot-style token risk from verified source, bytecode clues, and observational on-chain history—EVM ERC-20 patterns (transfer gates, fees, blacklists), Solana SPL and Token-2022 hooks, and safe validation paths. Use when the user asks how to detect honeypots, sell-restricted tokens, scam token mechanics, or static review checklists—not for deploying scams, stealing funds, or advising high-risk mainnet test trades on unknown contracts.
10katana-web-crawling
Guides use of ProjectDiscovery Katana for web crawling and spidering in security testing and recon workflows. Covers installation, standard vs headless mode, scope and rate limits, JSONL output, and piping from httpx or URL lists. Use when the user mentions Katana, projectdiscovery/katana, web crawling, spidering, endpoint discovery, attack surface mapping, or chaining crawlers in automation pipelines.
10solana-defi-vulnerability-analyst-agent
Guides discovery and documentation of Solana DeFi protocol risks from public code and chain state—Anchor/native programs, PDAs, CPIs, oracles, pools, SPL mechanics, and historical tx reconstruction. Use when the user asks for Solana program security review, DeFi vulnerability triage, PDA or CPI safety, oracle or liquidity-pool risk, launchpad/bonding-curve issues, or evidence-backed severity findings without exploits or private keys.
10solana-tracing-specialist
Guides Solana-specific on-chain forensics—ATA resolution, SPL instruction parsing, transaction history via RPC and indexers (e.g. Helius-style APIs), fund-flow graphs, Solana clustering heuristics, and program authority review. Use when the user investigates Solana wallets, SPL tokens, DEX/Jito flows, rug or phishing patterns on Solana, or needs evidence-structured tracing reports with public data only.
10