← 返回
未分类 中文

Pilot Fraud Detection Pipeline Setup

Deploy a fraud detection pipeline with 4 agents. Use this skill when: 1. User wants to set up real-time transaction monitoring with escalation through analys...
使用4个代理部署欺诈检测管道。适用场景:1. 需要实时交易监控并通过分析进行升级。
teoslayer teoslayer 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 369
下载
💾 0
安装
1
版本
#latest

概述

Fraud Detection Pipeline Setup

Deploy 4 agents: monitor, pattern-analyzer, investigator, and enforcer.

Roles

RoleHostnameSkillsPurpose
---------------------------------
monitor-monitorpilot-stream-data, pilot-event-filter, pilot-cron, pilot-metricsWatches transactions, flags suspicious activity
pattern-analyzer-pattern-analyzerpilot-event-filter, pilot-archive, pilot-priority-queueBehavioral analysis on flagged transactions
investigator-investigatorpilot-task-router, pilot-audit-log, pilot-datasetAssembles evidence, recommends actions
enforcer-enforcerpilot-blocklist, pilot-webhook-bridge, pilot-audit-log, pilot-alertExecutes blocks, feeds back to monitor

Setup Procedure

Step 1: Ask the user which role this agent should play and what prefix to use.

Step 2: Install the skills for the chosen role:

# For monitor:
clawhub install pilot-stream-data pilot-event-filter pilot-cron pilot-metrics
# For pattern-analyzer:
clawhub install pilot-event-filter pilot-archive pilot-priority-queue
# For investigator:
clawhub install pilot-task-router pilot-audit-log pilot-dataset
# For enforcer:
clawhub install pilot-blocklist pilot-webhook-bridge pilot-audit-log pilot-alert

Step 3: Set the hostname and write the manifest to ~/.pilot/setups/fraud-detection-pipeline.json.

Step 4: Tell the user to initiate handshakes with the peers for their role.

Manifest Templates Per Role

monitor

{
  "setup": "fraud-detection-pipeline", "role": "monitor", "role_name": "Transaction Monitor",
  "hostname": "<prefix>-monitor",
  "skills": {
    "pilot-stream-data": "Ingest real-time transaction streams from payment processors.",
    "pilot-event-filter": "Apply velocity checks, amount thresholds, and geo rules.",
    "pilot-cron": "Run scheduled batch scans for dormant account reactivation patterns.",
    "pilot-metrics": "Track flagging rates, false positive ratios, and latency."
  },
  "data_flows": [
    { "direction": "send", "peer": "<prefix>-pattern-analyzer", "port": 1002, "topic": "flagged-transaction", "description": "Transactions exceeding risk thresholds" },
    { "direction": "receive", "peer": "<prefix>-enforcer", "port": 1002, "topic": "blocked-entity", "description": "Blocked entities for rule updates" }
  ],
  "handshakes_needed": ["<prefix>-pattern-analyzer", "<prefix>-enforcer"]
}

pattern-analyzer

{
  "setup": "fraud-detection-pipeline", "role": "pattern-analyzer", "role_name": "Pattern Analyzer",
  "hostname": "<prefix>-pattern-analyzer",
  "skills": {
    "pilot-event-filter": "Score transactions by device fingerprint, geo-velocity, and MCC patterns.",
    "pilot-archive": "Store behavioral profiles and historical pattern data.",
    "pilot-priority-queue": "Prioritize high-risk cases for immediate investigation."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-monitor", "port": 1002, "topic": "flagged-transaction", "description": "Flagged transactions to analyze" },
    { "direction": "send", "peer": "<prefix>-investigator", "port": 1002, "topic": "high-risk-case", "description": "High-risk cases with behavioral analysis" }
  ],
  "handshakes_needed": ["<prefix>-monitor", "<prefix>-investigator"]
}

investigator

{
  "setup": "fraud-detection-pipeline", "role": "investigator", "role_name": "Case Investigator",
  "hostname": "<prefix>-investigator",
  "skills": {
    "pilot-task-router": "Route cases to specialized investigation workflows.",
    "pilot-audit-log": "Maintain chain-of-custody documentation for all evidence.",
    "pilot-dataset": "Cross-reference against known fraud pattern databases."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-pattern-analyzer", "port": 1002, "topic": "high-risk-case", "description": "Cases requiring investigation" },
    { "direction": "send", "peer": "<prefix>-enforcer", "port": 1002, "topic": "fraud-verdict", "description": "Verdicts with recommended enforcement actions" }
  ],
  "handshakes_needed": ["<prefix>-pattern-analyzer", "<prefix>-enforcer"]
}

enforcer

{
  "setup": "fraud-detection-pipeline", "role": "enforcer", "role_name": "Fraud Enforcer",
  "hostname": "<prefix>-enforcer",
  "skills": {
    "pilot-blocklist": "Maintain and enforce block/allow lists for cards, devices, IPs.",
    "pilot-webhook-bridge": "Trigger external actions (freeze accounts, decline transactions).",
    "pilot-audit-log": "Log all enforcement decisions with full justification.",
    "pilot-alert": "Notify fraud operations team of high-severity enforcement actions."
  },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-investigator", "port": 1002, "topic": "fraud-verdict", "description": "Verdicts to enforce" },
    { "direction": "send", "peer": "<prefix>-monitor", "port": 1002, "topic": "blocked-entity", "description": "Blocked entities for detection rule updates" }
  ],
  "handshakes_needed": ["<prefix>-investigator", "<prefix>-monitor"]
}

Data Flows

  • monitor -> pattern-analyzer : flagged transactions exceeding risk thresholds (port 1002)
  • pattern-analyzer -> investigator : high-risk cases with behavioral analysis (port 1002)
  • investigator -> enforcer : fraud verdicts with recommended actions (port 1002)
  • enforcer -> monitor : blocked entities to update detection rules (port 1002)

Workflow Example

# On monitor -- flag suspicious transaction:
pilotctl --json publish <prefix>-pattern-analyzer flagged-transaction '{"txn_id":"TXN-8839201","amount":2499.99,"velocity_1h":7,"risk_score":0.78}'
# On pattern-analyzer -- escalate high-risk case:
pilotctl --json publish <prefix>-investigator high-risk-case '{"case_id":"FRD-4401","risk_score":0.94,"patterns":["geo_impossible","device_mismatch"]}'
# On investigator -- issue verdict:
pilotctl --json publish <prefix>-enforcer fraud-verdict '{"case_id":"FRD-4401","verdict":"confirmed_fraud","action":"block_card_and_reverse"}'
# On enforcer -- block and feed back:
pilotctl --json publish <prefix>-monitor blocked-entity '{"entity_type":"card_hash","entity_id":"c4a2e","case_id":"FRD-4401"}'

Dependencies

Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-07 12:34 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

Agent Browser

rez0
用于 AI 代理的浏览器自动化 CLI。当用户需要与网站交互(包括浏览页面、填写表单、点击按钮、截图等)时使用。
★ 881 📥 357,510
ai-agent

Find Skills

root
帮助用户发现和安装智能体技能,当用户询问如「如何做X」、「找X的技能」、「有能做...的吗」等问题时
★ 1,545 📥 592,487
it-ops-security

Pilot Priority Queue

teoslayer
基于Pilot协议网络的优先级消息传递,支持紧急程度级别。适用场景:1. 需要处理带优先级的紧急消息...
★ 0 📥 587