惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
P
Privacy International News Feed
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
NISL@THU
NISL@THU
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
GbyAI
GbyAI
N
News and Events Feed by Topic
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
CERT Recently Published Vulnerability Notes
N
Netflix TechBlog - Medium
S
Security Affairs
Spread Privacy
Spread Privacy
罗磊的独立博客
腾讯CDC
MyScale Blog
MyScale Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
The Cloudflare Blog
L
LangChain Blog
博客园_首页
H
Hacker News: Front Page
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
博客园 - 聂微东
SecWiki News
SecWiki News
A
Arctic Wolf
爱范儿
爱范儿
Google Online Security Blog
Google Online Security Blog
T
Threat Research - Cisco Blogs
Hacker News - Newest:
Hacker News - Newest: "LLM"
有赞技术团队
有赞技术团队
The GitHub Blog
The GitHub Blog
Cyberwarzone
Cyberwarzone
博客园 - 叶小钗
V
Visual Studio Blog
V
V2EX
T
Tailwind CSS Blog
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
F
Fortinet All Blogs
MongoDB | Blog
MongoDB | Blog
D
Docker

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
CredScore: Onchain Wallet Risk Intelligence
waxsway · 2026-06-17 · via Show HN

Deterministic wallet risk scoring built for crypto-native compliance teams. Your first analysis is free. Open the desk →

Explainable onchain risk briefings

Wallet risk you can actually defend in a review

CredScore turns raw wallet activity into a structured analyst briefing: risk tier, decision posture, key signals, and entity context in one view. Every score is traceable back to the behavior that drove it. No black box, no hand-waving.

First analysis is free. No credit card.

Deterministic scoring

Full audit trail

5 EVM chains

Free first analysis

Readable wallet briefings

Turn raw wallet activity into a usable briefing with clear risk framing and supporting context.

Clearer decisions

See the rationale, the flags that matter, and the context behind the outcome in one view.

Built for real review workflows

Analyze a wallet, understand what matters, and move forward without drowning in explorer tabs.

Sample analyst briefing

Live engine output

Risk tier

Wallet 0x4766...86e2, Lazarus-linked. Sanctions cap enforced.

High

Decision posture

Adverse pressure score 71/100. Multiple high-severity signals co-occurring.

Escalate

Key drivers

OFAC sanctions match, mixer interaction pattern, fan-out distribution.

3 flags

Real engine output on a publicly documented attacker wallet. Open the desk to run your own.

Case studyDPRK / Sanctions$1.5B loss

How CredScore flagged the Bybit / Lazarus flow

When Lazarus moved funds from the Bybit exploit, CredScore scored the receiving wallets high-risk with sanctions escalation in under 15 seconds, with the full rationale traceable to specific transaction patterns and entity exposure. Not after the fact. In real time.

Read the full case study →

Supported chainsEthereumBaseArbitrumOptimismPolygon

100%

Deterministic scoring

Built for

Compliance analystsAML investigatorsOn-chain investigatorsProtocol security teams

Real engine output, no marketing screenshots

The Bybit primary exploiter, scored by CredScore

Higher score means lower risk. The same verdict is live at /v/o6wr--NrABo.

0x4766…86e2eth-mainnet

High riskEscalate62% confidence

Escalate for deeper review

CredScore sees risk or sensitive exposure strong enough to justify escalation before proceeding.

Analyst briefing

Executive Risk Verdict

This address presents elevated counterparty risk based on generalized observable on-chain metrics. The current view contains enough adverse signal composition or sensitive exposure to justify escalation.

Decision Posture

Escalate for deeper review. A specific high-risk signal combination was detected (sanctions self). This pattern is materially more concerning than any individual flag in isolation and requires human context to resolve correctly.

Primary Risk Drivers

High-confidence sanctions attribution This wallet itself is on a sanctions watchlist (per the curated registry or OFAC SDN sync). Sanctions-sensitive attribution materially increases review urgency because legal and compliance context becomes critical.

History capped by fetch limit

Transfers observed: At least 1,201

History cap: observed count may be a lower bound (cap 1,200)

Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.

Source return flow detected

Circular loop count: 1

Source return count: 5

Rapid round-trip count: 1

Observed sources later reappear as return destinations, which reduces legibility and suggests recirculating flow rather than clean one-direction settlement.

Offsetting Factors

Established history Wallet age: 1.3y (observed)

Recognizable protocol attribution

Observed protocol: LINK token contract

Structural Pattern Observations

Fan-out distribution (medium confidence) The observed flow pattern is consistent with fan-out distribution behavior and also carries additional review pressure from thin visibility, limited history, or sensitive exposure. This is not a misconduct finding, but it is not a routine pattern under current coverage.

Behavior Distribution

Exchange-related interactions: 1% of observed activity. Attributed interactions: 0% of observed activity. High-confidence attributed interactions: 0% of observed activity.

Observed Entity / Protocol Context

OFAC Sanctioned: Lazarus Group (Bybit 2025 exploiter) LINK token contract

Observed Protocol Attribution

LINK token contract

Confidence Statement

Overall assessment confidence is moderate (62%), reflecting partial coverage with usable but still incomplete behavioral signal.

For contrast: a legit, low-risk wallet

0xd8da…6045eth-mainnet

Low riskProceed54% confidence

Proceed with normal caution

CredScore sees a 10.7-year-old wallet holding 5.7 ETH with at least 1,201 transfers with observed context including Vitalik Buterin (Public), Null / Burn Address. No dominant adverse drivers under current coverage; this case can proceed with normal caution.

Wallet snapshot

Primary risk drivers

History capped by fetch limit

Transfers observed: At least 1,201 · History cap: observed count may be a lower bound (cap 1,200)

Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.

Bursty activity pattern

Average observed activity: 34.2 tx/day

A compressed activity window can indicate non-routine behavior and deserves added caution.

High transfer activity

Transfers observed: At least 1,201 · History cap: observed count may be a lower bound (cap 1,200)

Higher activity increases interpretive complexity, but should not be treated as adverse on its own unless paired with suspicious concentration, rapid routing, or sensitive exposure.

Observed entity context

Labels

Vitalik Buterin (Public)Null / Burn AddressCoinbase Hot Wallet 2USDC contractUniswap V2 Router

Protocols

Null / Burn AddressUSDC contractUniswap V2 Router

Offsetting factors

Established history

Wallet age: 10.7y (observed)

Recognizable exchange or protocol context

Observed label: Vitalik Buterin (Public) · Observed label: Null / Burn Address · Observed label: Coinbase Hot Wallet 2

Recognizable protocol attribution

Observed protocol: Null / Burn Address · Observed protocol: USDC contract · Observed protocol: Uniswap V2 Router

Analyst briefing

Executive Risk Verdict

This 10.7-year-old address presents lower relative counterparty risk. The observable behavior is consistent with stable usage and no dominant adverse drivers were detected, though it should still be contextualized with broader exposure intelligence when available.

Decision Posture

Proceed with normal caution. No dominant adverse drivers were identified under the current coverage, and the signal quality is strong enough to support a lower-risk routine posture.

Primary Risk Drivers

History capped by fetch limit Transfers observed: At least 1,201 History cap: observed count may be a lower bound (cap 1,200) Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.

Bursty activity pattern

Average observed activity: 34.2 tx/day

A compressed activity window can indicate non-routine behavior and deserves added caution.

High transfer activity

Transfers observed: At least 1,201

History cap: observed count may be a lower bound (cap 1,200)

Higher activity increases interpretive complexity, but should not be treated as adverse on its own unless paired with suspicious concentration, rapid routing, or sensitive exposure.

Offsetting Factors

Established history Wallet age: 10.7y (observed)

Recognizable exchange or protocol context

Observed label: Vitalik Buterin (Public)

Observed label: Null / Burn Address

Observed label: Coinbase Hot Wallet 2

Recognizable protocol attribution

Observed protocol: Null / Burn Address

Observed protocol: USDC contract

Observed protocol: Uniswap V2 Router

Behavior Distribution

Exchange-related interactions: 0% of observed activity. DEX-related interactions: 0% of observed activity. Attributed interactions: 11% of observed activity. High-confidence attributed interactions: 5% of observed activity.

Observed Entity / Protocol Context

Vitalik Buterin (Public) Null / Burn Address Coinbase Hot Wallet 2 USDC contract Uniswap V2 Router

Observed Protocol Attribution

Null / Burn Address USDC contract Uniswap V2 Router

Confidence Statement

Overall assessment confidence is moderate (54%), reflecting partial coverage with usable but still incomplete behavioral signal.

Sensitivity notes

Improved transaction coverage could materially change activity-based interpretation and increase confidence.

Stronger counterparty attribution coverage could materially improve interpretability and sharpen the current score.

How it works

CredScore is built for teams and operators who need a faster, clearer way to assess wallets. Instead of manually piecing together activity across explorers, you get a focused output designed for real review workflows.

1

Enter a wallet

Start an analysis from the Analyst Desk using a public wallet address.

2

Review the briefing

Read a structured summary with risk tier, decision posture, key drivers, and notable flags.

3

Use it in real decisions

Apply the output to onboarding, counterparty review, investigations, research, or internal risk checks.

Pricing

Your first wallet analysis is free, no credit card. Solo Analyst is $99 a month for unlimited wallet risk briefings across five EVM chains. Teams that need shared workspaces, higher throughput, or a tailored setup can talk with us directly.

FAQ

Straight answers to the questions people ask before relying on a wallet risk tool.

How does this compare to just using a block explorer

Block explorers show raw activity. CredScore is built to help you interpret that activity faster by turning it into a structured briefing with risk tier, posture, supporting rationale, and key flags.

Who is this for

CredScore is built for analysts, investigators, researchers, compliance teams, and operators who need a faster way to assess wallet risk and document what they are seeing.

How should I use the output

The output is meant to support review, prioritization, and internal decision-making. It is a decision-support layer, not a substitute for human judgment or a legal conclusion.

How accurate is it

CredScore is designed to be structured, explainable, and useful in practice, but no risk system is perfect. The point is to make wallet review faster and clearer, not to pretend uncertainty does not exist.

Do I need to provide identity or KYC data

No. CredScore evaluates public wallet activity and produces an explainable risk briefing without asking for identity data.

What chains are supported

Ethereum, Base, Arbitrum, Optimism, and Polygon are all fully supported. Chain selection is a dropdown in the desk. Support expands carefully so the quality of the signal stays strong on each chain we add.

Can my team use it

Yes. Business access is available for teams that need broader usage, more volume, or a setup that fits a larger workflow.

About us

Built in Denver. CredScore exists because analysts were tired of stitching together explorer tabs and getting handed black-box risk scores they couldn't defend in a review.

Get in touch →