Search everything...

Stats

Actions

Available In

fraud-investigator

Name: fraud-investigator
Author: iceberg-security

By iceberg-security

Agentic fraud-investigation copilot. Orchestrator + 5 subskills + verifier meta-skill, talking through a PASETO + RBAC + audit MCP gateway to six federated downstream MCP servers.

npx claudepluginhub iceberg-security/fincrime-secured-mcp --plugin fraud-investigator

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands3

Audit Trail

/fraud-audit-trail

Show the last N rows of the fraud-copilot audit DB (default 20)

Fraud Investigation

/fraud-investigate

Run a fraud investigation against the local fraud-copilot-oss stack

Bring up fraud-copilot stack

/fraud-stack-up

Bring up the fraud-copilot-oss docker stack (auth gateway, MCP gateway, 6 mock APIs + MCP servers, Grafana)

Skills7

analyze-transactions

/analyze-transactions

Examine a customer's payment activity through the transactions MCP server to surface fraud-relevant patterns — volume, counterparties, velocity anomalies. Invoked by the orchestrator after gather-customer-profile.

check-osint

/check-osint

Gather OSINT context on a customer or counterparty — adverse media, regulator actions, corporate registry records — via the osint MCP server. Subject to an outbound allowlist on fetch_page.

draft-narrative

/draft-narrative

Compose a structured fraud-investigation report from the evidence bundle produced by upstream subskills. No MCP tool calls — pure synthesis with a verdict and reasoning.

gather-customer-profile

/gather-customer-profile

Assemble a baseline customer profile — identity, accounts, device history — via the customer_data MCP server. Always the first subskill invoked by the orchestrator.

orchestrator

/orchestrator

Investigate a fraud alert by routing to the right subskill, gather evidence through the MCP gateway, and produce a structured investigation report.

MCP Servers1

fraud-investigator

admin

1 secret

Stats

Version0.1.0

LanguagePython

Stars0

MaintenanceGood

Last CommitMay 26, 2026

AddedMay 27, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

fincrime-secured-mcp

Safety Signals

Critical

Admin access level

Server config contains admin-level keywords

Caution

Requires secrets

Needs API keys or credentials to function

README

fraud-copilot-oss

An open-source, agentic fraud-investigation copilot with the auth, RBAC, and audit plumbing that regulated industries actually need.

Showcase & integrator docs: https://iceberg-security.github.io/fincrime-secured-mcp/

Most open-source MCP demos skip the load-bearing security layer. This one ships it: a Claude Cowork plugin talks through an MCP gateway that mints short-lived PASETO tokens, enforces declarative RBAC, audits every call, and federates to six downstream MCP servers — each wrapping a mock data source that an integrator swaps for their real backend.

Python everywhere. Apache 2.0. One docker compose up brings up the full 14+ service stack in under 30 seconds on an M-series MacBook.

Architecture (30-second tour)

┌─────────────────────┐     OIDC bearer      ┌─────────────────────┐
│   Cowork Plugin     │ ───────────────────▶ │  Auth Gateway       │
│ (orchestrator +     │                      │  (PASETO mint)      │
│  subskills +        │                      └──────────┬──────────┘
│  verify-output)     │                                 │ user PASETO (5 min)
└──────────┬──────────┘                                 ▼
           │  user PASETO + JSON-RPC      ┌─────────────────────────┐
           └─────────────────────────────▶│  MCP Gateway            │
                                          │  - PASETO verify        │
                                          │  - replay cache (jti)   │
                                          │  - RBAC enforce         │
                                          │  - re-sign service token│
                                          │  - audit emit           │
                                          └──────────┬──────────────┘
                                                     │ service PASETO (60s, separate keypair)
                                                     ▼
                              ┌──────────────────────────────────────────────┐
                              │   6 downstream MCP servers (FastMCP)         │
                              │   customer_data, transactions, kyc,          │
                              │   sanctions, osint, case_actions             │
                              └──────────┬───────────────────────────────────┘
                                         │ HTTP (loopback / cluster-local)
                                         ▼
                              ┌──────────────────────────────────────────────┐
                              │   6 mock APIs (FastAPI, in-memory)           │
                              │   ─ replaced by integrator's real backends   │
                              └──────────────────────────────────────────────┘

Audit rows land in SQLite (default) or ClickHouse (opt-in). OpenTelemetry spans correlate every hop via the PASETO trace_id claim. The threat model walks the trust boundaries; the ADR index explains every load-bearing choice.

The full architecture and design rationale lives in tasks/prd-fraud-investigator-plugin.md (see §5 for the canonical diagram).

Quickstart

Five minutes to a running investigation against the mock stack:

make install        # create virtualenv and install dependencies
make gen-keys       # one-off: generate Ed25519 PASETO keypairs under config/keys/
make compose-up     # build the shared image and start every service
make compose-ps     # all services should be 'healthy' within ~30 seconds
make load-fixtures  # seed the six scenario personas across the mock stack

Smoke test the full mock-oidc → auth-gateway → mcp-gateway → customer_data path:

TOKEN=$(curl -s "http://localhost:9000/[email protected]" | jq -r .access_token)
PASETO=$(curl -s -X POST http://localhost:8080/token \
             -H "Authorization: Bearer $TOKEN" | jq -r .access_token)
curl -s -X POST http://localhost:8000/mcp/customer_data \
     -H "Authorization: Bearer $PASETO" \
     -H 'Content-Type: application/json' \
     -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
          "params":{"name":"get_customer",
                     "arguments":{"customer_id":"cust-0001"}}}'

Tear down with make compose-down. The audit DB lives in a named volume (audit_data) so it survives restarts.

Local dev (no Docker) is just as fast:

make lint           # ruff
make typecheck      # mypy
make test           # pytest (>=600 cases, runs in <30s on a laptop)
make evals-smoke    # deterministic eval suite — no API key required

What's included

Mirroring PRD §6 of the source spec:

View full README on GitHub

fraud-investigator

Popularity

What's Inside

Confidence

README

fraud-copilot-oss

Architecture (30-second tour)

Quickstart

What's included

Similar Plugins

nanobanana

product-management

ui-design

claude-mem

llm-council-plugin

human-resources

fraud-copilot-oss

Architecture (30-second tour)

Quickstart

What's included

Popularity

Health & Quality

Similar Plugins

nanobanana

product-management

ui-design

claude-mem

llm-council-plugin

human-resources