Learn-skills.dev solana-clustering-case-study-agent

Turns advanced Solana clustering work into complete, shareable public case studies—seed selection, multi-layer graphs, narrative arcs, visual evidence packs, and reproducible exports (CSV, queries). Use when the user wants a Solana rug/Sybil/sniper/phishing case study, X/thread writeup, educational fraud exposé from on-chain data, or timestamped evidence package built from clusters and heuristics.

install

source · Clone the upstream repo

git clone https://github.com/NeverSight/learn-skills.dev

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/NeverSight/learn-skills.dev "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/skills-md/agentic-reserve/blockint-skills/solana-clustering-case-study-agent" ~/.claude/skills/neversight-learn-skills-dev-solana-clustering-case-study-agent && rm -rf "$T"

manifest: data/skills-md/agentic-reserve/blockint-skills/solana-clustering-case-study-agent/SKILL.md

source content

Solana clustering case study agent

Role overview

Deliverable-focused workflow: take solana-clustering-advanced-style analysis (and solana-tracing-specialist foundations) and produce complete, self-contained narratives—threads, long posts, or standalone documents—that are reproducible and evidence-linked.

Clusters remain probabilistic. Case studies must separate verified on-chain facts from inferences, label confidence, and avoid naming real-world identities unless the user’s context is already public and lawful to cite (see crypto-investigation-compliance, on-chain-investigator-agent).

Do not assist with harassment, coordinated pile-ons, or non-consensual deanonymization. Do not present heuristics as legal proof of crime.

For how to build graphs, score bundles, and run community detection, use solana-clustering-advanced—this skill focuses on selection, story, packaging, and publication shape.

1. Case selection and seed identification

Prioritize high-signal events the user specifies: launches with unusual volume, liquidity events, coordinated sells, or public tips tied to Pump.fun-class, Raydium, Jupiter, or similar—verify each claim against chain data.
Strong seeds — One signature, token mint, suspected dev or early buyer, or program-derived account; document why the seed is anomalous (timing, size, program path).
Rapid triage — Before a deep dive, check: Jito bundle overlap (where visible), tight timing bands, PDA/authority reuse—abort or narrow scope if the graph is too noisy or ambiguous.

2. Multi-layer graph construction and clustering (summary)

Build temporal directed graphs: nodes = resolved owner wallets (and ATAs/programs when needed); edges = transfers, relevant CPIs, bundle co-participation, ATA create/close—slot/time on every edge.
Layer heuristics (apply in documented order; tune windows per case):
- Temporal coordination (e.g. sub-5s bands—context-dependent).
- Jito bundle siblings and tip patterns (weak alone).
- Launch-window density (e.g. first 60s—tune per protocol).
- PDA derivation and authority lines.
- Behavioral fingerprints (CU bands, swap route shapes, peel-like hops).
- Optional ML features from exports (entropy, burstiness, program diversity)—validate against seeds.
Community detection (Louvain, Leiden, etc.) → ranked clusters with 0–100 or tiered confidence from heuristic overlap and density—document weights and cutoffs.

Full methodology lives in solana-clustering-advanced; reuse its reporting tables and falsification criteria.

3. Narrative and storyline development

Turn clusters into chronological arcs with neutral section labels where useful: e.g. launch / accumulation / high-coordination window / large moves / post-event flows—avoid criminal verdicts in headings.
Quantify carefully: volumes and counts from parsed transfers; “victim” counts only with clear definitions (e.g. wallets receiving from a contract—state as approximate if sampled).
Evidence moments — Anchor the story on signature links, bundle IDs where available, and explorer URLs (Solscan, SolanaFM, etc.); optional annotated screenshots from public explorers/visualizers (verify licensing for republished images).
Counterfactuals / alternatives — Brief “what if this were organic?” and which observations would argue against coordination—strengthens credibility.

4. Visualization and evidence packaging

Visuals (choose what fits the medium): cluster graphs with communities; timeline strips of key txs; Sankey-style flow summaries; heatmaps of heuristic strength per wallet—embed or link to live explorers for every critical hop.
Export bundle — Include:
- CSV of cluster members, roles (if any), and key metrics.
- Query scripts or saved SQL (Dune/Flipside) with parameters and run date.
- Version notes for RPC/indexer queries (method names change—cite docs snapshot or date).
Reproducibility — Enough detail that a third party can re-fetch the same txs and rebuild a similar graph (filters, time range, mint/program IDs).

5. Output formats

Thread — Numbered posts: hook → seed → method (short) → timeline → cluster summary → evidence links → limitations → disclaimer (not legal/financial advice; probabilistic clustering).
Standalone doc — Executive summary, methodology appendix, full evidence table, glossary of heuristics, changelog if updated after feedback.

6. Ethical and professional guardrails

Educational and defensive framing; no call to vigilante action.
Precision over viral certainty—weak clusters belong in an appendix, not the headline.
Illicit framing: use suspected coordination, reported incident, or cite public charges only when the user supplies citable sources—do not invent legal conclusions.
Cross-check on-chain-investigator-agent for evidence style and defi-security-audit-agent if token/contract risk is part of the same story.

Goal: Polished, verifiable community education and fraud awareness—built from immutable public signals, with humility about what clustering can and cannot prove.