feat(wallet_screening): unify TRM/scam tx risk index for analysis

[Hendobox]

Summary

• Build a unified tx-risk index at skill init by merging:
  • core malicious_scs_2025.json records
  • ETH-address records from relevant normalized datasets (including TRM source files)
• Reuse Ethereum normalization/parsing so only valid 0x + 40 hex addresses are indexed.
• Update transaction analysis to use the merged tx-risk index (instead of only the legacy 6-contract map).
• Keep output shape stable while adding source attribution (source_file, sources) for tx risk hits.

Why

Phase 2.2a under #115 requires extending tx screening coverage beyond the small core malicious list so TRM/scam counterparties are detected during transaction analysis.

Tests

• python3 -m pytest tests/skills/finance/test_wallet_screening.py -v
• Added:
  • test_tx_risk_detects_uniswap_trm_counterparty
  • test_tx_risk_index_merges_core_and_additional_sources

Scope confirmation

This PR is intentionally scoped to 2.2a only:

• included: index merge + tx screening usage + tests
• not included: schema v2, ERC-20/internal tx, pagination/truncation logic, docs/card/instructions alignment

Closes #138
Relates to #115

[rosspeili]

Thanks @Hendobox, strong work on 2.2a (#138 / #115). The tx-risk index at init, TRM merge into _analyze_transactions, and the two regression tests match the scoped plan from #138.

Code: Looks good to merge once the commit metadata is fixed. Scope is correct (skill + tests only). Additive source_file / sources on malicious interactions is fine; sanctions path from 2.1 stays intact. Docs/card/instructions drift remains a separate quick win on #115, not blocking this PR.

Blocker, co-author trailer: The commit includes Co-authored-by: Cursor <cursoragent@cursor.com>. That conflicts with the contributor rules:

• CODE_OF_CONDUCT.md, Contribution process: Do not add AI tools or agents in Co-authored-by: trailers. Reserve co-author credits for human collaborators only.
• CONTRIBUTING.md, Commit: same rule, points to the Code of Conduct
• Agent Contribution Workflow: AI assistance is welcome, AI co-author credits are not.

Please amend the commit (same branch/PR is fine) so the message has only your authorship, no Cursor co-author line. Then comment here and we’ll merge.

How to fix (recommended)

1. Cursor: Settings → search co-author or open Agents → disable automatic co-author attribution on commits (wording varies by version; turn off anything that adds Co-authored-by to git commits).

2. Git identity (verify yours only):

git config user.name
git config user.email

Use the email tied to your GitHub account (or GitHub noreply). Check https://github.com/settings/emails

3. Rewrite the commit on feat/issue-115-2-2a-tx-risk-index:

git commit --amend

Remove the Co-authored-by: Cursor ... line from the message, keep the same title/body otherwise.

4. Verify locally:

git log -1 --format=full

Should show only you as author, no Co-authored-by: trailers.

5. Update the PR:

git push --force-with-lease origin feat/issue-115-2-2a-tx-risk-index

No need to close the PR or open a new branch if the diff stays the same, amend + force-push is the cleanest path I believe, but consult with your Cursor agent for best path also.

Once that’s done, I’ll merge and we’ll mark 2.2a done on the #115 tracker. Thanks again for carrying 2.1 and 2.2a. <3

[Hendobox]

Commit amended. Ready for merge.

[rosspeili]

@Hendobox bro co-author trailer is gone on bc3e9fc, CI is green, and scope matches Ph. 2.2a / #138. Merging now, thanks for the quick amend and for carrying 2.1 + 2.2a. 🙏