Skills ClawVault Payments
Security middleware for AI agents handling money. Non-custodial crypto wallets and virtual Visa cards with spending limits, whitelists, and human approval.
git clone https://github.com/openclaw/skills
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/andrewszk1/clawvault-payments" ~/.claude/skills/openclaw-skills-clawvault-payments && rm -rf "$T"
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/andrewszk1/clawvault-payments" ~/.openclaw/skills/openclaw-skills-clawvault-payments && rm -rf "$T"
skills/andrewszk1/clawvault-payments/SKILL.md
ClawVault Agent Skill
You have access to ClawVault, a security middleware for AI agents. ClawVault protects TWO spending channels:
- Crypto payments - USDC transfers on Base and Solana blockchains
- Agent Card - Virtual Visa card for any merchant worldwide (SaaS, APIs, cloud, etc.)
Both channels use the same rules engine. Every transaction is validated against user-defined rules. Transactions within rules auto-approve; transactions outside rules require human approval via Telegram or dashboard.
Security Model
- Non-custodial: Your keys never leave your wallet
- Rule-enforced: Spending limits, whitelists, time windows enforced on-chain
- Human-in-the-loop: Anything outside rules requires explicit approval
- Audit trail: All transactions logged and visible in dashboard
API Base URL
https://api.clawvault.cc
Authentication
All requests require your API key in the Authorization header:
Authorization: Bearer ${CLAWVAULT_API_KEY}
Get your API key at: https://clawvault.cc/agents
CRYPTO PAYMENTS (On-Chain)
1. Request a Crypto Payment
When you need to send USDC to a blockchain address:
```http
POST /v1/payments
Content-Type: application/json

{
  "amount": "50.00",
  "token": "USDC",
  "recipient": "0x1234567890abcdef1234567890abcdef12345678",
  "chain": "base",
  "reason": "Payment for services rendered",
  "skill": "transfer"
}
```
Response (Success)
```json
{
  "success": true,
  "data": {
    "id": "pi_abc123",
    "status": "pending",
    "expiresAt": "2026-02-27T12:00:00Z"
  }
}
```
Possible Statuses
- auto_approved - Payment executed immediately (within rules)
- pending - Awaiting human approval via Telegram/dashboard
- denied - Payment was rejected
- expired - Approval window closed (5 minutes)
2. Check Before Sending (Dry Run)
Before making a payment, check if it will auto-approve or need manual approval:
```http
POST /v1/rules/check
Content-Type: application/json

{
  "amount": "50.00",
  "token": "USDC",
  "recipient": "0x1234...",
  "chain": "base"
}
```
Response
```json
{
  "success": true,
  "data": {
    "allowed": true,
    "autoApprove": false,
    "reason": "Manual mode",
    "remainingBudget": { "daily": 450.00 },
    "remainingTx": { "daily": 46 }
  }
}
```
If autoApprove: false, tell the user the payment needs their approval.
3. Get Vault Status
Check your vault balance and current limits:
GET /v1/vault
Response
```json
{
  "success": true,
  "data": {
    "chain": "base",
    "balances": [{ "token": "USDC", "balance": "150.00" }],
    "rules": { "mode": "manual", "perTxLimit": 500, "dailyTxMax": 20 }
  }
}
```
AGENT CARD (Visa Card)
Use the Agent Card when you need to pay for:
- SaaS subscriptions (Vercel, Netlify, etc.)
- API services (OpenAI, Anthropic, Twilio, etc.)
- Cloud compute (AWS, GCP, Azure)
- Any merchant that accepts Visa
4. Request a Card Purchase
```http
POST /v1/card/purchase
Content-Type: application/json

{
  "amount": 20.00,
  "currency": "USD",
  "merchant": "OpenAI API",
  "merchant_category": "api_services",
  "reason": "GPT-4 API credits for research task"
}
```
Response (Approved)
```json
{
  "success": true,
  "data": {
    "id": "card_txn_abc123",
    "status": "approved",
    "card_credentials": {
      "number": "4242837419283847",
      "exp_month": 3,
      "exp_year": 2028,
      "cvc": "847"
    },
    "valid_for_seconds": 300
  }
}
```
Response (Needs Approval)
```json
{
  "success": true,
  "data": {
    "id": "card_txn_abc123",
    "status": "pending_approval",
    "reason": "Amount exceeds auto-approve threshold"
  }
}
```
IMPORTANT: Card credentials are temporary and single-use. Use them immediately at the merchant checkout. Never log or store card credentials.
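An added example (not part of the ClawVault skill or its source) of handling a /v1/card/purchase response in line with the rule above: every field under card_credentials is masked before anything is logged, and the credentials are refused once valid_for_seconds has elapsed. The function names, action labels and clock arguments are assumptions; APPROVED is a constructed sample shaped like the approved response above.

```python
import copy
import time

# Constructed sample, shaped like the approved response shown above.
APPROVED = {"success": True, "data": {
    "id": "card_txn_abc123", "status": "approved",
    "card_credentials": {"number": "4242837419283847", "exp_month": 3,
                         "exp_year": 2028, "cvc": "847"},
    "valid_for_seconds": 300}}


def redact_for_logging(response):
    """Deep-copy a /v1/card/purchase response with every credential field masked."""
    safe = copy.deepcopy(response)
    data = safe.get("data")
    creds = data.get("card_credentials") if isinstance(data, dict) else None
    if isinstance(creds, dict):
        # Mask all keys, not a fixed list, so a field added later is not leaked.
        for key in creds:
            creds[key] = "[REDACTED]"
    return safe


def next_step(response, received_at, now=None):
    """Map a purchase response to the agent's next action.

    received_at and now are time.monotonic() readings (hypothetical helper
    arguments); the window is the valid_for_seconds value the API returned.
    """
    now = time.monotonic() if now is None else now
    if not response.get("success"):
        return ("report_error", response.get("error", {}).get("code"))
    data = response["data"]
    status = data.get("status")
    if status == "pending_approval":
        return ("ask_user_to_approve", data["id"])
    if status == "approved":
        # A missing TTL is treated as already expired (fail closed).
        if now - received_at >= data.get("valid_for_seconds", 0):
            return ("credentials_expired", data["id"])
        return ("checkout_now", data["id"])
    return ("unknown_status", status)
```

Log only the output of redact_for_logging, and keep the original response in memory no longer than the checkout step needs it.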
5. Check Card Balance
GET /v1/card/balance
Response
```json
{
  "success": true,
  "data": {
    "balance": 450.00,
    "currency": "USD",
    "spent_today": 50.00,
    "spent_this_month": 350.00,
    "daily_limit": 500.00,
    "monthly_limit": 5000.00
  }
}
```
6. Check Card Rules
Before making a purchase, check if it's allowed:
```http
POST /v1/card/check
Content-Type: application/json

{
  "amount": 20.00,
  "merchant_category": "api_services"
}
```
Response
```json
{
  "success": true,
  "data": {
    "allowed": true,
    "autoApprove": true,
    "reason": "Within limits, allowed category"
  }
}
```
COMMON ENDPOINTS
7. Check Payment/Purchase Status
```http
GET /v1/payments/{payment_id}
GET /v1/card/transactions/{transaction_id}
```
8. List Recent Transactions
```http
GET /v1/transactions?limit=10
GET /v1/card/transactions?limit=10
```
DECIDING: CRYPTO vs CARD
Use this logic to decide which channel to use:
| Scenario | Use |
|---|---|
| Paying a blockchain address (0x...) | Crypto () |
| Paying for SaaS subscription | Card () |
| Paying for API credits | Card () |
| Paying for cloud services | Card () |
| Paying for any online service | Card () |
| Sending money to another person's crypto wallet | Crypto () |
| DeFi, staking, token swaps | Crypto () |
Rule of thumb: If it's a blockchain address, use crypto. If it's a company/service, use the card.
HUMAN APPROVAL FLOW
When a transaction requires approval:
- User is notified via Telegram bot or ClawVault dashboard
- User reviews the transaction details (amount, recipient, reason)
- User approves or denies with one tap
- Transaction executes if approved, or is cancelled if denied
- Approval expires after 5 minutes if no action taken
Always inform the user when approval is required: "This transaction needs your approval. Check your Telegram or ClawVault dashboard."
COMMON SCENARIOS
Scenario: User asks to pay for OpenAI API credits
- Call /v1/card/check to verify it's allowed
- If allowed, call /v1/card/purchase with merchant="OpenAI API"
- If status: "approved", use the card credentials at checkout immediately
- If status: "pending_approval", tell user: "This purchase needs your approval. Check Telegram or ClawVault dashboard."
Scenario: User asks to send USDC to an address
- Call /v1/rules/check to see if it will auto-approve
- Call /v1/payments with the recipient address
- If status: "pending", tell user to approve in Telegram
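The USDC scenario above as an added example, not code from ClawVault: it dry-runs against /v1/rules/check, submits to /v1/payments, and treats only auto_approved as a completed payment. The `call` transport, the state labels, the denied/expired/unknown messages and the choice to stop when the dry run returns allowed: false are assumptions; fake_transport is a constructed stand-in so the flow runs offline.

```python
USER_MESSAGES = {
    "auto_approved": "Payment executed within your rules.",
    "pending": "This transaction needs your approval. Check your Telegram or ClawVault dashboard.",
    "denied": "The payment was denied.",
    "expired": "The 5-minute approval window closed; the payment was not sent.",
}


def send_usdc(call, amount, recipient, chain, reason):
    """Dry-run against the rules engine, then submit; returns (state, message).

    call(method, path, body) is a hypothetical transport returning decoded JSON.
    """
    body = {"amount": amount, "token": "USDC", "recipient": recipient, "chain": chain}
    check = call("POST", "/v1/rules/check", body)
    if not check.get("success"):
        return ("error", check.get("error", {}).get("message", "rules check failed"))
    if not check["data"].get("allowed"):
        # Assumption: a disallowed dry run means the payment is never submitted.
        return ("blocked", check["data"].get("reason", "not allowed by rules"))

    pay = call("POST", "/v1/payments", {**body, "reason": reason, "skill": "transfer"})
    if not pay.get("success"):
        return ("error", pay.get("error", {}).get("message", "payment request failed"))
    status = pay["data"].get("status")
    if status not in USER_MESSAGES:
        # Fail closed: an unrecognized status is never reported as sent.
        return ("unknown", "Unrecognized status; treat the payment as not sent.")
    return (status, USER_MESSAGES[status])


def fake_transport(check_data, pay_status):
    """Constructed stand-in for the API, shaped like the responses on this page."""
    calls = []

    def call(method, path, body):
        calls.append((method, path))
        if path == "/v1/rules/check":
            return {"success": True, "data": check_data}
        return {"success": True, "data": {"id": "pi_abc123", "status": pay_status}}

    return call, calls
```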
Scenario: Card purchase denied
Tell the user: "The purchase was denied. Reason: {reason}. Check ClawVault dashboard for details."
Scenario: Insufficient card balance
Tell the user: "Insufficient card balance. Current balance: ${balance}. The card needs to be funded."
ERROR HANDLING
Common Errors
| Code | Meaning | Action |
|---|---|---|
| | Bad API key | Check your API key |
| | Monthly limit reached | User needs to upgrade |
| | Not enough funds | User needs to deposit (crypto) or fund card |
| | Outside allowed parameters | Check the field |
| | Card is frozen | User needs to unfreeze in dashboard |
| | Merchant category not allowed | Cannot purchase from this merchant |
| | Card not set up | User needs to apply for Agent Card |
Error Response Format
```json
{
  "success": false,
  "error": {
    "code": "RULE_VIOLATION",
    "message": "Exceeds per-transaction limit of $100"
  }
}
```
SECURITY BEST PRACTICES
- Never log card credentials - Card numbers, CVCs are sensitive
- Always check first - Use /v1/rules/check or /v1/card/check before transactions
- Explain to users - If approval is needed, tell them where to approve
- Handle pending - Don't assume transactions complete immediately
- Use card credentials immediately - They expire in 5 minutes
- Show transaction links - For crypto, link to https://basescan.org/tx/{txHash}
SUPPORT
- Dashboard: https://clawvault.cc
- Docs: https://clawvault.cc/docs
- API Status: https://api.clawvault.cc/health
- Source: https://github.com/andrewszk/clawvault-mcp-server