Hedera Toolbox

identity_check_sanctions

Screen Hedera accounts against on-chain risk signals including transaction patterns, counterparty risk, and known flagged accounts to identify potential sanctions violations.

Instructions

Screen a Hedera account against on-chain risk signals including transaction patterns, counterparty risk, and known flagged accounts. Costs 0.5 HBAR.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`api_key`	Yes	Your HederaIntel API key
`account_id`	Yes	Hedera account ID to screen

Implementation Reference

src/modules/identity/tools.js:224-347 (handler)

The handler function for identity_check_sanctions, which screens a Hedera account by analyzing on-chain risk signals, transactions, and token statuses.

if (name === "identity_check_sanctions") {
  const payment = chargeForTool("identity_check_sanctions", args.api_key);
  const base = getMirrorNodeBase();

  const resolved = await resolveAccountInput(args.account_id, base);
  const hederaId = resolved.hederaId;

  // Fetch account info (use cached from resolution if available)
  const account = resolved._account ||
    (await axios.get(`${base}/api/v1/accounts/${hederaId}`)).data;

  // Fetch recent transactions for pattern analysis
  const txRes = await axios.get(
    `${base}/api/v1/transactions?account.id=${hederaId}&limit=100&order=desc`
  ).catch(() => ({ data: { transactions: [] } }));
  const transactions = txRes.data.transactions || [];

  // Fetch token balances
  const tokenRes = await axios.get(
    `${base}/api/v1/accounts/${hederaId}/tokens?limit=100`
  ).catch(() => ({ data: { tokens: [] } }));
  const tokens = tokenRes.data.tokens || [];

  // Collect unique counterparties
  const counterparties = new Set();
  const txTypes = {};
  let failedTxCount = 0;
  let largeTransferCount = 0;

  for (const tx of transactions) {
    const t = tx.name || "UNKNOWN";
    txTypes[t] = (txTypes[t] || 0) + 1;
    if (tx.result && tx.result !== "SUCCESS") failedTxCount++;
    for (const transfer of tx.transfers || []) {
      if (transfer.account !== hederaId) {
        counterparties.add(transfer.account);
      }
      if (Math.abs(transfer.amount || 0) > 100000000000) {
        largeTransferCount++;
      }
    }
  }

  // Risk signal detection
  const riskSignals = [];
  let riskScore = 0;

  // Account age check
  const createdAt = account.created_timestamp
    ? new Date(parseFloat(account.created_timestamp) * 1000)
    : null;
  const ageDays = createdAt
    ? Math.floor((Date.now() - createdAt.getTime()) / (1000 * 60 * 60 * 24))
    : null;

  if (ageDays !== null && ageDays < 7) {
    riskScore += 20;
    riskSignals.push("Very new account - created less than 7 days ago");
  }

  if (failedTxCount > 5) {
    riskScore += 15;
    riskSignals.push("High failed transaction rate - " + failedTxCount + " failed transactions");
  }

  if (largeTransferCount > 3) {
    riskScore += 15;
    riskSignals.push("Multiple large transfers detected (over 1000 HBAR each)");
  }

  if (counterparties.size > 50) {
    riskScore += 10;
    riskSignals.push("High counterparty count - interacts with many unique accounts");
  }

  const frozenTokens = tokens.filter(t => t.freeze_status === "FROZEN");
  if (frozenTokens.length > 0) {
    riskScore += 25;
    riskSignals.push("Account has " + frozenTokens.length + " frozen token relationship(s)");
  }

  const revokedKyc = tokens.filter(t => t.kyc_status === "REVOKED");
  if (revokedKyc.length > 0) {
    riskScore += 30;
    riskSignals.push("KYC has been REVOKED for " + revokedKyc.length + " token(s)");
  }

  if (account.balance?.balance === 0 && transactions.length > 10) {
    riskScore += 10;
    riskSignals.push("Zero HBAR balance despite significant transaction history");
  }

  if (riskSignals.length === 0) {
    riskSignals.push("No on-chain risk signals detected");
  }

  const riskLevel = riskScore >= 50 ? "HIGH" : riskScore >= 20 ? "MEDIUM" : "LOW";

  return {
    account_id: hederaId,
    input: args.account_id,
    input_type: resolved.inputType,
    screening_result: riskLevel === "HIGH" ? "FLAGGED" : riskLevel === "MEDIUM" ? "REVIEW" : "CLEAR",
    risk_score: riskScore,
    risk_level: riskLevel,
    risk_signals: riskSignals,
    account_profile: {
      age_days: ageDays,
      hbar_balance: account.balance?.balance
        ? (account.balance.balance / 100000000).toFixed(4) + " HBAR"
        : "unknown",
      total_transactions_sampled: transactions.length,
      failed_transactions: failedTxCount,
      unique_counterparties: counterparties.size,
      large_transfers: largeTransferCount,
      token_relationships: tokens.length,
      frozen_tokens: frozenTokens.length,
      kyc_revoked_tokens: revokedKyc.length,
    },
    disclaimer: "This screening is based on on-chain data patterns only. It does not constitute legal sanctions screening and should not be used as a sole compliance determination.",
    payment,
    timestamp: new Date().toISOString(),
  };
}

src/modules/identity/tools.js:62-72 (schema)

Input schema definition for the identity_check_sanctions tool.

  name: "identity_check_sanctions",
  description: "Screen a Hedera account against on-chain risk signals including transaction patterns, counterparty risk, and known flagged accounts. Accepts both Hedera native IDs (0.0.123456) and EVM addresses (0x...). Costs 1.0 HBAR.",
  inputSchema: {
    type: "object",
    properties: {
      account_id: { type: "string", description: "Hedera account ID (e.g. 0.0.123456) or EVM address (0x...)" },
      api_key: { type: "string", description: "Your HederaIntel API key" },
    },
    required: ["account_id", "api_key"],
  },
},

Tool Definition Quality

B3.4/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden. It discloses the cost (0.5 HBAR) and the screening purpose, but doesn't mention authentication requirements (though api_key parameter implies it), rate limits, response format, or what constitutes 'risk signals' beyond the listed categories. The description adds some behavioral context but leaves significant gaps for a tool with no annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that states the core purpose and includes important cost information. It's appropriately sized and front-loaded with the main functionality. The cost information at the end is valuable context that earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with no annotations and no output schema, the description provides basic purpose and cost information but lacks details about what the screening actually returns, how risk is assessed, or error conditions. Given the complexity of risk screening and absence of structured behavioral information, the description should do more to explain what users can expect from this operation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents both parameters fully. The description doesn't add any parameter-specific information beyond what's in the schema. The baseline score of 3 is appropriate when the schema does all the parameter documentation work.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Screen a Hedera account against on-chain risk signals' with specific risk categories listed (transaction patterns, counterparty risk, flagged accounts). It distinguishes from siblings like identity_verify_kyc by focusing on sanctions/risk screening rather than KYC verification. However, it doesn't explicitly contrast with all similar tools like identity_resolve.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context through 'screen a Hedera account against on-chain risk signals' and mentions the cost (0.5 HBAR), which suggests when this tool might be appropriate. However, it lacks explicit guidance on when to use this vs. alternatives like identity_verify_kyc or identity_resolve, and doesn't specify prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mountainmystic/hederatoolbox'

If you have feedback or need assistance with the MCP directory API, please join our Discord server