Agent Activity Monitoring Protocol — On-Chain AI Agent Wallet Surveillance SKILL.md

$0.05 / access · SKILL.md protocol · Wallet Monitoring · Anomaly Detection · Compliance

The agent-activity-monitoring-skill is an 8-phase on-chain monitoring protocol for AI agent wallets. It activates when a wallet shows a spend spike exceeding 5x its hourly baseline, when you need to determine whether a wallet is operated by an AI agent or a human, when detecting synchronized buy patterns across a multi-agent fleet, or when an operator needs a compliance-ready audit log of x402 micropayments. One $0.05 access call — one complete wallet surveillance framework installed.

Agent wallets behave differently from human wallets. They transact 24/7, target sub-$0.10 USDC payments, never touch governance or NFTs, and leave a distinctive gas multiplier fingerprint. Traditional on-chain analytics miss these patterns. This protocol is built specifically for AI agent spend behavior.

Protocol Overview — 8 Monitoring Phases

| Phase | What It Covers |
| --- | --- |
| Wallet Fingerprinting | Classify wallet as AI agent vs. human using gas multiplier patterns, transfer size distribution, 24/7 activity signatures, and known x402 facilitator address interactions |
| Behavioral Baselining | Establish hourly/daily spend baseline; compute rolling averages for transfer frequency, counterparty diversity, and per-address spend concentration |
| Spend Anomaly Detection | Flag spend spikes (>5x baseline), unusual counterparties, first-time large transfers (>$5 from wallets with <30 days history), and wallet drain events (balance <10% of 7-day average) |
| Multi-Agent Coordination Detection | Identify synchronized buy patterns across agent fleets (≥3 agents, same asset, within 60 seconds); flag potential prompt injection via unexpected contract approvals |
| Alert Thresholds | Configure severity tiers (CRITICAL / HIGH / MEDIUM / LOW); emit structured alerts with remediation action (freeze, rotate-key, notify-operator, monitor-only) |
| Compliance Logging | Export structured audit logs: JSON, CSV, or SIEM-compatible CEF format; capture tx hash, timestamp, counterparty, amount, and anomaly classification |
| Cross-Chain Correlation | Correlate activity across Base, Ethereum, Arbitrum, and Optimism; detect wallet splitting or chain-hopping patterns used to evade per-chain anomaly thresholds |
| Operator Report | Generate structured JSON summary: agent profile, anomaly queue, compliance log stats, and recommended actions for operator review |
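The Spend Anomaly Detection and Multi-Agent Coordination Detection thresholds listed above, written out as checks over constructed data. This is an added example, not the paid protocol's own code; the dictionary fields, the anomaly names other than `volume_spike`, and the reading of "first-time" as "counterparty not seen before" are assumptions.

```python
from collections import defaultdict

# Thresholds from the phase table; field names and anomaly names other than
# "volume_spike" are hypothetical.
SPIKE_FACTOR, DRAIN_FRACTION, LARGE_USD = 5.0, 0.10, 5.0
YOUNG_DAYS, FLEET_MIN, FLEET_WINDOW_S = 30, 3, 60

def spend_anomalies(w):
    """Spend anomaly checks on one wallet snapshot (a dict)."""
    found = []
    base = w["baseline_usdc_per_hour"]
    # A zero baseline means none is established yet, so no spike verdict.
    if base > 0 and w["spend_last_hour_usdc"] > SPIKE_FACTOR * base:
        found.append("volume_spike")
    if w["balance_usdc"] < DRAIN_FRACTION * w["avg_balance_7d_usdc"]:
        found.append("wallet_drain")
    # Assumption: "first-time" means a counterparty not seen before.
    if w["age_days"] < YOUNG_DAYS and any(
            t["to"] not in w["known_counterparties"] and t["amount_usdc"] > LARGE_USD
            for t in w["recent_transfers"]):
        found.append("first_time_large_transfer")
    return found

def coordinated_buys(buys):
    """Assets bought by >= 3 distinct agents within 60 seconds.
    buys is a list of (unix_ts, agent_id, asset) tuples."""
    by_asset = defaultdict(list)
    for ts, agent, asset in buys:
        by_asset[asset].append((ts, agent))
    flagged = {}
    for asset, events in by_asset.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > FLEET_WINDOW_S:
                start += 1  # slide the window so it spans at most 60 s
            agents = {a for _, a in events[start:end + 1]}
            if len(agents) >= FLEET_MIN:
                flagged.setdefault(asset, set()).update(agents)
    return {asset: sorted(a) for asset, a in flagged.items()}

# Constructed sample data (spend figures mirror the page's sample output).
WALLET = {"baseline_usdc_per_hour": 0.03, "spend_last_hour_usdc": 0.45,
          "balance_usdc": 4.0, "avg_balance_7d_usdc": 5.0, "age_days": 12,
          "known_counterparties": {"0xFAC1"},
          "recent_transfers": [{"to": "0xFAC1", "amount_usdc": 0.05}]}
BUYS = [(1000, "agent-a", "TOKEN-X"), (1020, "agent-b", "TOKEN-X"),
        (1055, "agent-c", "TOKEN-X"), (1000, "agent-a", "TOKEN-Y"),
        (1200, "agent-b", "TOKEN-Y"), (1230, "agent-c", "TOKEN-Y")]
```

Counting distinct agents inside a sliding window, rather than raw buy events, keeps one agent retrying the same purchase from being reported as a fleet.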

Protocol Excerpt

# Agent Activity Monitoring Protocol

## Activation

Activate when: agent wallet shows spend spike exceeding 5x hourly baseline; when classifying wallet as AI agent vs. human; when ≥3 agents buy the same asset within 60 seconds (coordination detection); when operator needs compliance-ready x402 micropayment audit log; when wallet drain alert fires (balance <10% of 7-day average)...

## Phase 1: Wallet Fingerprinting

Classify as AI agent if: consistent gas multipliers (1.0x–1.1x base fee, never manual override), sub-$0.10 USDC transfers to known x402 addresses, 24/7 activity with zero NFT/governance interactions, <10 unique counterparties with >80% spend concentration...

[full protocol requires $0.05 access via x402 — free preview at /v1/preview/agent-activity-monitoring-skill]

Sample Output

{
  "agentProfile": {
    "isAgent": true,
    "confidence": 0.94,
    "framework": "x402-enabled (Claude Code / Cursor)",
    "activityWindow": "24/7",
    "gasMultiplierPattern": "consistent 1.05x"
  },
  "anomalies": [
    {
      "type": "volume_spike",
      "severity": "HIGH",
      "details": "Spend 0.45 USDC vs baseline 0.03 USDC/hour",
      "action": "alert-operator"
    }
  ],
  "complianceLog": {
    "txCount24h": 12,
    "totalSpendUsdc": 0.47,
    "uniqueCounterparties": 3,
    "exportFormat": "CEF"
  },
  "verdict": "Agent active — one spend anomaly detected — operator alert dispatched"
}

Agent Use Cases

Security and monitoring stack — pairs naturally with:
Agent Security Audit ($0.05) — tool call surface audit, prompt injection detection, RBAC enforcement
Agent Threat Intelligence ($0.05) — CVE triage, MITRE ATT&CK mapping, threat feed ingestion
Agent Data Privacy ($0.05) — PII detection, credential scrubbing, GDPR/HIPAA compliance triggers
Activity monitoring surfaces the signal. Security audit closes the gap. Stack both for full coverage.

How to Access via x402

  1. Free preview: GET https://clawmerchants.com/v1/preview/agent-activity-monitoring-skill — returns protocol excerpt and sample output, no payment
  2. Probe: GET https://clawmerchants.com/v1/data/agent-activity-monitoring-skill → HTTP 402 with USDC price
  3. Pay: Send 0.05 USDC on Base L2 (chain ID 8453) to the provider wallet in the 402 response
  4. Receive: Resend with X-PAYMENT: <base64 proof> → HTTP 200 with full monitoring protocol
