jpskill.com

sandwich-attack-investigator-agent

Investigates completed DEX sandwich-style MEV from public blocks and bundles—front-victim-back ordering on EVM and Solana, Jito bundle traces, swap decoding, victim slippage vs searcher profit estimates, and evidence-style case studies. Use when the user asks for sandwich attack analysis, MEV sandwich post-mortems, high-slippage swap forensics, or searcher clustering—not for building sandwich bots, mempool manipulation for profit, or harassing labeled wallets.

⚡ Recommended: install with a single command (60 seconds)

Copy the command below and paste it into a terminal (Mac/Linux) or PowerShell (Windows). Download, extraction and placement are fully automatic.

🍎 Mac / 🐧 Linux
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o sandwich-attack-investigator-agent.zip https://jpskill.com/download/10147.zip && unzip -o sandwich-attack-investigator-agent.zip && rm sandwich-attack-investigator-agent.zip
🪟 Windows (PowerShell)
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/10147.zip -OutFile "$d\sandwich-attack-investigator-agent.zip"; Expand-Archive "$d\sandwich-attack-investigator-agent.zip" -DestinationPath $d -Force; ri "$d\sandwich-attack-investigator-agent.zip"

When it finishes, restart Claude Code → the Skill then triggers automatically when you simply talk to Claude as usual, for example "make me a video prompt".

💾 Download manually (for those who find the command difficult)
  1. Press the blue button below to download sandwich-attack-investigator-agent.zip
  2. Double-click the ZIP file to extract it → a sandwich-attack-investigator-agent folder is created
  3. Move that folder to C:\Users\YourName\.claude\skills\ (Win) or ~/.claude/skills/ (Mac)
  4. Restart Claude Code

⚠️ Download and use at your own risk. This site accepts no responsibility for the content, operation or safety.

🎯 What this Skill can do

Reading the description below tells you what this Skill does for you. When you ask Claude for something in this area, it triggers automatically.

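📦 Installation (3 steps)

  1. Press the "Download" button above to get the .skill file
  2. Change the file extension from .skill to .zip and extract it (macOS can extract it automatically)
  3. Place the extracted folder in .claude/skills/ under your home folder
    • macOS / Linux: ~/.claude/skills/
    • Windows: %USERPROFILE%\.claude\skills\

Restart Claude Code and you are done. Even without saying "use this Skill…", it is invoked automatically for related requests.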

Last updated: 2026-05-18
Retrieved: 2026-05-18
Bundled files: 1
📖 Original SKILL.md as read by Claude

This body is the original text (English or Chinese) that the AI (Claude) reads. Japanese translations are being added progressively.

Sandwich attack investigator agent

Role overview

Forensics workflow for sandwich-like DEX trades: an ordering pattern where a searcher (or coordinated txs) moves price around a user’s swap to capture slippage / arbitrage relative to that user’s execution path. Typically described as front (push price) → victim swap → back (unwind / profit), possibly within one block (EVM) or bundle/slot (Solana).

Focus: post-confirmation analysis of public txs, decoded swaps, and optional read-only simulation—not operating live searchers, not harming users, not doxxing or harassing counterparties.

For general investigation ethics, see on-chain-investigator-agent. For Solana parsing and inner instructions, see solana-tracing-specialist; for Jito / bundle clustering, solana-clustering-advanced; for bridge profit exits, cross-chain-clustering-techniques-agent. For broader searcher/bundle infrastructure and concentration mapping (not only one sandwich), see mev-bot-infrastructure-analysis-agent. Sandwich analysis is distinct from flash-loan exploit post-mortems (flash-loan-exploit-investigator-agent) but may share tooling (traces, DEX decodes).

Legal / ethical note: MEV and ordering games vary by jurisdiction and context—this skill stays descriptive and educational, not a legal classification.

1. Sandwich pattern detection

  • EVM — Look for same-block (often adjacent or nearby) txs touching the same pool(s) / path: searcher trade → victim router swap → searcher closing trade. Ordering within the block matters—use position index / traces per client. Gas/priority ordering is a hint, not proof of intent.
  • Solana — Inspect bundles (e.g. Jito) or slot ordering: instructions that bracket a victim swap in time and program path; confirm with parsed txs and balance deltas.
  • Heuristics (triage): overlapping pools, mirror token directions, victim worse execution vs counterfactual mid—approximate; false positives include unrelated arbitrage touching the same pool.
  • Archives — Historical blocks / bundles from public APIs; respect ToS and rate limits.

Do not present heuristics as proof of malicious intent without narrow contextual evidence.
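The EVM triage rule above (same pool, mirrored token directions, a different sender bracketed in between), as an added example that is not part of the original SKILL.md. The `Swap` record, the `max_gap` window and every address and token in `BLOCK` are constructed for illustration; real input would come from decoded swap events with their in-block position.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int      # transaction position inside the block
    sender: str     # address that initiated the swap
    pool: str
    token_in: str
    token_out: str

def sandwich_candidates(swaps, max_gap=5):
    """Return (front, victim, back) block-index triples for manual review.

    Triage rule: on one pool, the same sender trades A->B and later B->A
    within max_gap positions, and a different sender trades A->B in between.
    """
    by_pool = defaultdict(list)
    for s in sorted(swaps, key=lambda s: s.index):
        by_pool[s.pool].append(s)
    hits = []
    for legs in by_pool.values():
        for i, front in enumerate(legs):
            for k in range(i + 2, len(legs)):
                back = legs[k]
                if back.index - front.index > max_gap:
                    break
                if (back.sender, back.token_in, back.token_out) != (
                        front.sender, front.token_out, front.token_in):
                    continue
                for mid in legs[i + 1:k]:
                    same_direction = (mid.token_in, mid.token_out) == (
                        front.token_in, front.token_out)
                    if mid.sender != front.sender and same_direction:
                        hits.append((front.index, mid.index, back.index))
    return hits

# Constructed sample: decoded swaps from one hypothetical block.
BLOCK = [
    Swap(10, "0xSearcherA", "0xPool1", "WETH", "TOKEN"),
    Swap(11, "0xUser1", "0xPool1", "WETH", "TOKEN"),
    Swap(12, "0xSearcherA", "0xPool1", "TOKEN", "WETH"),
    Swap(20, "0xArbB", "0xPool2", "WETH", "USDC"),    # round trip, nobody bracketed
    Swap(21, "0xArbB", "0xPool2", "USDC", "WETH"),
    Swap(30, "0xArbC", "0xPool3", "WETH", "DAI"),
    Swap(31, "0xUser2", "0xPool3", "DAI", "WETH"),    # opposite direction
    Swap(32, "0xArbC", "0xPool3", "DAI", "WETH"),
]
```

A returned triple is a lead for the full decode in section 2, not a finding; the Pool2 and Pool3 rows show two arbitrage shapes the rule deliberately does not flag.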

2. Transaction dissection and flow reconstruction

  • Anchor — Victim tx hash (EVM) or signature (Solana); then pull surrounding txs/bundle peers.
  • Decode — Router / pool events: amounts, minOut, deadline, fee tiers; inner calls on EVM; CPI tree on Solana (Jupiter, Raydium, Orca, etc.).
  • Metrics (label as estimates where models differ):
    • Victim execution vs pre-trade spot / TWAP counterfactual (state before front if reconstructable).
    • Searcher gross and net (after gas, priority fees, Jito tips, protocol fees).
    • Price impact on relevant pools—pool math and decimals must be correct.

Prefer read-only replay / fork simulation to sanity-check ordering sensitivity—no live submission of attacking txs.
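A read-only replay of the metrics listed above, as an added example that is not part of the original SKILL.md. It assumes a constant-product (x*y=k) pool with a 0.30% fee and exact rational arithmetic rather than a pool's integer rounding, so outputs are estimates; the function names and the sample reserves and amounts are constructed.

```python
from fractions import Fraction

FEE = Fraction(3, 1000)  # assumption: 0.30% fee, constant-product (x*y=k) pool

def swap_out(amount_in, reserve_in, reserve_out, fee=FEE):
    """Exact-input swap; returns (amount_out, new_reserve_in, new_reserve_out)."""
    effective = Fraction(amount_in) * (1 - fee)
    out = reserve_out * effective / (reserve_in + effective)
    return out, reserve_in + amount_in, reserve_out - out

def replay_sandwich(r_base, r_quote, front_in, victim_in, costs_base=0, fee=FEE):
    """Replay front -> victim -> back from decoded amounts of confirmed txs.

    Amounts are raw token units (the caller handles each token's decimals).
    costs_base: searcher gas, priority fees and tips converted to base units.
    """
    # Counterfactual: the victim swap against the reserves before the front leg.
    cf_out, _, _ = swap_out(victim_in, r_base, r_quote, fee)
    # Observed ordering.
    front_out, b, q = swap_out(front_in, r_base, r_quote, fee)
    victim_out, b, q = swap_out(victim_in, b, q, fee)
    back_out, q, b = swap_out(front_out, q, b, fee)   # quote sold back for base
    gross = back_out - front_in
    return {
        "victim_out": victim_out,
        "counterfactual_out": cf_out,
        "victim_shortfall": cf_out - victim_out,      # quote units, estimate
        "searcher_gross": gross,                      # base units, estimate
        "searcher_net": gross - costs_base,
    }

if __name__ == "__main__":
    # Constructed pool and trade sizes, not taken from any real transaction.
    r = replay_sandwich(1_000_000, 1_000_000, 100_000, 100_000, costs_base=2_000)
    for name, value in r.items():
        print(f"{name:>20}: {float(value):,.2f}")
```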

3. Attacker / searcher clustering and infrastructure (probabilistic)

  • Same-entity hints — Repeated bundle co-location, tip patterns, shared funding, identical route templates—weak alone; combine with graph density (solana-clustering-advanced).
  • Cross-chain — Profit bridged out: cross-chain-clustering-techniques-agent patterns.
  • Labels — Arkham / Nansen / public dashboards—verify primary on-chain edges; labels err.

Avoid naming individuals; refer to addresses and public entity names only when cited.

4. Victim impact and ecosystem quantification

  • Samples — For dashboards, define inclusion rules (DEX, pool, time window); report confidence and bias (e.g. only large trades visible).
  • Flows — Post-trade CEX deposits—often opaque; state limits.
  • Trends — Dune/Flipside-style volume—methodology footnote required.

5. Visualization and evidence packaging

  • Timeline — Front → victim → back with links and slot/block height.
  • Price / pool — Before/after reserves or spot from decoded state—approximate.
  • Sankey — Token flows and fee sinks.
  • Exports — Explorer links on every hop; optional screenshots with source noted.

Toolchain and data sources (examples)

| Layer | Examples | Notes |
| --- | --- | --- |
| Bundles / blocks | Jito explorers, block traces | Confirm bundle membership |
| EVM trace | Tenderly-class, Phalcon, explorers | Same-block ordering |
| Analytics | Dune, Flipside | Decoded swap tables |
| Viz | Sankey, provider UIs | Link-out for verify |

Operational workflow (suggested)

  1. Intake — Victim tx, public report, or research question.
  2. Triage — Sandwich plausible? If not, state alternative explanations.
  3. Deep dive — Full decode, metrics, optional read-only sim.
  4. Clustering — Searcher hypotheses with scores.
  5. Report — Timeline, diagram, limitations.
  6. Follow-up — User-owned watchlists; no harassment.

Reporting and evidence delivery

  1. TL;DR — Chains, DEX/pools, estimated victim cost / searcher gain, confidence.
  2. Timeline — Explorer links for each leg.
  3. Diagram — Front / victim / back.
  4. Technical — Fees, bundle ID (if Solana), gas / priority (EVM).
  5. Mitigations — Slippage limits, deadlines, private routing education—not guarantees.
  6. Repro — Block/slot, query params, simulation environment.

Ethical and professional guardrails

  • Post-facto education and risk awareness—not live sandwich operation or mempool gaming instructions.
  • No harassment of searchers or victims; no non-consensual doxxing.
  • Accuracy — Bad sandwich calls unfairly label legitimate arbitrage.
  • Reproducibility — Others can verify public tx facts; simulation results labeled.

Goal: Make observable ordering and outcome metrics legible for traders and researchers—without enabling harm or false accusations.