ClawVault Payments

Security middleware for AI agents handling money. Non-custodial crypto wallets and virtual Visa cards with spending limits, whitelists, and human approval.

3,891 stars

Best use case

ClawVault Payments is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using ClawVault Payments should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/clawvault-payments/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/andrewszk1/clawvault-payments/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/clawvault-payments/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How ClawVault Payments Compares

| Feature / Agent | ClawVault Payments | Standard Approach |
|-----------------|--------------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Security middleware for AI agents handling money. Non-custodial crypto wallets and virtual Visa cards with spending limits, whitelists, and human approval.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# ClawVault Agent Skill

You have access to ClawVault, a security middleware for AI agents. ClawVault protects TWO spending channels:
1. **Crypto payments** - USDC transfers on Base and Solana blockchains
2. **Agent Card** - Virtual Visa card for any merchant worldwide (SaaS, APIs, cloud, etc.)

Both channels use the same rules engine. Every transaction is validated against user-defined rules. Transactions within rules auto-approve; transactions outside rules require human approval via Telegram or dashboard.

## Security Model

- **Non-custodial**: Your keys never leave your wallet
- **Rule-enforced**: Spending limits, whitelists, time windows enforced on-chain
- **Human-in-the-loop**: Anything outside rules requires explicit approval
- **Audit trail**: All transactions logged and visible in dashboard

## API Base URL
```
https://api.clawvault.cc
```

## Authentication
All requests require your API key in the Authorization header:
```
Authorization: Bearer ${CLAWVAULT_API_KEY}
```

Get your API key at: https://clawvault.cc/agents

---

# CRYPTO PAYMENTS (On-Chain)

## 1. Request a Crypto Payment

When you need to send USDC to a blockchain address:

```http
POST /v1/payments
Content-Type: application/json

{
  "amount": "50.00",
  "token": "USDC",
  "recipient": "0x1234567890abcdef1234567890abcdef12345678",
  "chain": "base",
  "reason": "Payment for services rendered",
  "skill": "transfer"
}
```

### Response (Success)
```json
{
  "success": true,
  "data": {
    "id": "pi_abc123",
    "status": "pending",
    "expiresAt": "2026-02-27T12:00:00Z"
  }
}
```

### Possible Statuses
- `auto_approved` - Payment executed immediately (within rules)
- `pending` - Awaiting human approval via Telegram/dashboard
- `denied` - Payment was rejected
- `expired` - Approval window closed (5 minutes)

---

## 2. Check Before Sending (Dry Run)

Before making a payment, check if it will auto-approve or need manual approval:

```http
POST /v1/rules/check
Content-Type: application/json

{
  "amount": "50.00",
  "token": "USDC",
  "recipient": "0x1234...",
  "chain": "base"
}
```

### Response
```json
{
  "success": true,
  "data": {
    "allowed": true,
    "autoApprove": false,
    "reason": "Manual mode",
    "remainingBudget": { "daily": 450.00 },
    "remainingTx": { "daily": 46 }
  }
}
```

If `autoApprove: false`, tell the user the payment needs their approval.

---

## 3. Get Vault Status

Check your vault balance and current limits:

```http
GET /v1/vault
```

### Response
```json
{
  "success": true,
  "data": {
    "chain": "base",
    "balances": [{ "token": "USDC", "balance": "150.00" }],
    "rules": {
      "mode": "manual",
      "perTxLimit": 500,
      "dailyTxMax": 20
    }
  }
}
```

---

# AGENT CARD (Visa Card)

Use the Agent Card when you need to pay for:
- SaaS subscriptions (Vercel, Netlify, etc.)
- API services (OpenAI, Anthropic, Twilio, etc.)
- Cloud compute (AWS, GCP, Azure)
- Any merchant that accepts Visa

## 4. Request a Card Purchase

```http
POST /v1/card/purchase
Content-Type: application/json

{
  "amount": 20.00,
  "currency": "USD",
  "merchant": "OpenAI API",
  "merchant_category": "api_services",
  "reason": "GPT-4 API credits for research task"
}
```

### Response (Approved)
```json
{
  "success": true,
  "data": {
    "id": "card_txn_abc123",
    "status": "approved",
    "card_credentials": {
      "number": "4242837419283847",
      "exp_month": 3,
      "exp_year": 2028,
      "cvc": "847"
    },
    "valid_for_seconds": 300
  }
}
```

### Response (Needs Approval)
```json
{
  "success": true,
  "data": {
    "id": "card_txn_abc123",
    "status": "pending_approval",
    "reason": "Amount exceeds auto-approve threshold"
  }
}
```

**IMPORTANT**: Card credentials are temporary and single-use. Use them immediately at the merchant checkout. Never log or store card credentials.

---

## 5. Check Card Balance

```http
GET /v1/card/balance
```

### Response
```json
{
  "success": true,
  "data": {
    "balance": 450.00,
    "currency": "USD",
    "spent_today": 50.00,
    "spent_this_month": 350.00,
    "daily_limit": 500.00,
    "monthly_limit": 5000.00
  }
}
```

---

## 6. Check Card Rules

Before making a purchase, check if it's allowed:

```http
POST /v1/card/check
Content-Type: application/json

{
  "amount": 20.00,
  "merchant_category": "api_services"
}
```

### Response
```json
{
  "success": true,
  "data": {
    "allowed": true,
    "autoApprove": true,
    "reason": "Within limits, allowed category"
  }
}
```

---

# COMMON ENDPOINTS

## 7. Check Payment/Purchase Status

```http
GET /v1/payments/{payment_id}
GET /v1/card/transactions/{transaction_id}
```

## 8. List Recent Transactions

```http
GET /v1/transactions?limit=10
GET /v1/card/transactions?limit=10
```

---

# DECIDING: CRYPTO vs CARD

Use this logic to decide which channel to use:

| Scenario | Use |
|----------|-----|
| Paying a blockchain address (0x...) | Crypto (`/v1/payments`) |
| Paying for SaaS subscription | Card (`/v1/card/purchase`) |
| Paying for API credits | Card (`/v1/card/purchase`) |
| Paying for cloud services | Card (`/v1/card/purchase`) |
| Paying for any online service | Card (`/v1/card/purchase`) |
| Sending money to another person's crypto wallet | Crypto (`/v1/payments`) |
| DeFi, staking, token swaps | Crypto (`/v1/payments`) |

**Rule of thumb**: If it's a blockchain address, use crypto. If it's a company/service, use the card.

---

# HUMAN APPROVAL FLOW

When a transaction requires approval:

1. **User is notified** via Telegram bot or ClawVault dashboard
2. **User reviews** the transaction details (amount, recipient, reason)
3. **User approves or denies** with one tap
4. **Transaction executes** if approved, or is cancelled if denied
5. **Approval expires** after 5 minutes if no action taken

Always inform the user when approval is required: "This transaction needs your approval. Check your Telegram or ClawVault dashboard."

---

# COMMON SCENARIOS

### Scenario: User asks to pay for OpenAI API credits
1. Call `/v1/card/check` to verify it's allowed
2. If allowed, call `/v1/card/purchase` with merchant="OpenAI API"
3. If `status: "approved"`, use the card credentials at checkout immediately
4. If `status: "pending_approval"`, tell user: "This purchase needs your approval. Check Telegram or ClawVault dashboard."

### Scenario: User asks to send USDC to an address
1. Call `/v1/rules/check` to see if it will auto-approve
2. Call `/v1/payments` with the recipient address
3. If `status: "pending"`, tell user to approve in Telegram
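
The USDC scenario above as a runnable flow, added here as an illustration and not taken from the ClawVault project. It assumes a hypothetical `call(method, path, body)` transport that attaches the Bearer header and a `notify(text)` callable, and it assumes the status endpoint returns the same `data.status` field as the create call.

```python
import time

APPROVAL_WINDOW_S = 300  # the page's 5-minute approval window
NEEDS_APPROVAL = ("This transaction needs your approval. "
                  "Check your Telegram or ClawVault dashboard.")

class VaultError(Exception):
    """A {"success": false, "error": {...}} response."""

def unwrap(resp):
    # Surface the documented error envelope instead of reading missing fields.
    if not resp.get("success"):
        err = resp.get("error", {})
        raise VaultError(f"{err.get('code')}: {err.get('message')}")
    return resp["data"]

def pay_usdc(call, notify, amount, recipient, chain="base", reason="",
             poll_s=5, clock=time.monotonic, sleep=time.sleep):
    """call(method, path, body) -> dict and notify(text) are hypothetical
    callables supplied by the agent runtime (call adds the Bearer header)."""
    req = {"amount": amount, "token": "USDC",
           "recipient": recipient, "chain": chain}
    check = unwrap(call("POST", "/v1/rules/check", req))
    if not check["allowed"]:
        # "not_sent" is a local marker, not an API status.
        return {"status": "not_sent", "reason": check.get("reason")}
    if not check["autoApprove"]:
        notify(NEEDS_APPROVAL)
    pay = unwrap(call("POST", "/v1/payments",
                      {**req, "reason": reason, "skill": "transfer"}))
    pid, status = pay["id"], pay["status"]
    deadline = clock() + APPROVAL_WINDOW_S
    # "pending" is not completion: poll until the service reports any other
    # status or the approval window has passed locally.
    while status == "pending" and clock() < deadline:
        sleep(poll_s)
        # Assumption: the status endpoint returns the same data.status field.
        status = unwrap(call("GET", f"/v1/payments/{pid}", None))["status"]
    return {"status": status, "id": pid}
```

The function returns whatever non-pending status the service reports, so the caller decides what to tell the user for `denied` or `expired`; a result still at `pending` means the local deadline passed first.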

### Scenario: Card purchase denied
Tell the user: "The purchase was denied. Reason: {reason}. Check ClawVault dashboard for details."

### Scenario: Insufficient card balance
Tell the user: "Insufficient card balance. Current balance: ${balance}. The card needs to be funded."

---

# ERROR HANDLING

### Common Errors
| Code | Meaning | Action |
|------|---------|--------|
| `INVALID_KEY` | Bad API key | Check your API key |
| `TIER_LIMIT_EXCEEDED` | Monthly limit reached | User needs to upgrade |
| `INSUFFICIENT_BALANCE` | Not enough funds | User needs to deposit (crypto) or fund card |
| `RULE_VIOLATION` | Outside allowed parameters | Check the `reason` field |
| `CARD_FROZEN` | Card is frozen | User needs to unfreeze in dashboard |
| `MERCHANT_BLOCKED` | Merchant category not allowed | Cannot purchase from this merchant |
| `CARD_NOT_ACTIVE` | Card not set up | User needs to apply for Agent Card |

### Error Response Format
```json
{
  "success": false,
  "error": {
    "code": "RULE_VIOLATION",
    "message": "Exceeds per-transaction limit of $100"
  }
}
```

---

# SECURITY BEST PRACTICES

1. **Never log card credentials** - Card numbers and CVCs are sensitive
2. **Always check first** - Use `/v1/rules/check` or `/v1/card/check` before transactions
3. **Explain to users** - If approval is needed, tell them where to approve
4. **Handle pending** - Don't assume transactions complete immediately
5. **Use card credentials immediately** - They expire in 5 minutes
6. **Show transaction links** - For crypto, link to `https://basescan.org/tx/{txHash}`
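
One way to enforce practice 1 in an agent that logs API responses, added here as an example and not part of the ClawVault project. The logger name and the `build_logger` helper are hypothetical; the field names come from the `/v1/card/purchase` response shown earlier, and the sample is constructed from it.

```python
import logging
import re
import sys

# Field names taken from the page's /v1/card/purchase response.
SENSITIVE_KEYS = {"card_credentials", "number", "cvc"}
PAN_RE = re.compile(r"\b\d{13,19}\b")  # card-number-length digit runs in text
MASK = "[REDACTED]"

def redact(obj):
    """Return a scrubbed copy; the caller's object is left untouched."""
    if isinstance(obj, dict):
        return {k: MASK if k in SENSITIVE_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    if isinstance(obj, str):
        return PAN_RE.sub(MASK, obj)
    return obj

class CardCredentialFilter(logging.Filter):
    """Scrub the message and its arguments before any handler formats them."""
    def filter(self, record):
        record.msg = redact(record.msg)
        if record.args:
            record.args = redact(record.args)
        return True

def build_logger(stream=sys.stderr, name="clawvault-agent"):
    """Hypothetical helper. The filter sits on the handler, so it also
    covers records that reach this handler from child loggers."""
    handler = logging.StreamHandler(stream)
    handler.addFilter(CardCredentialFilter())
    log = logging.getLogger(name)
    log.handlers[:] = [handler]
    log.propagate = False
    log.setLevel(logging.INFO)
    return log

# Constructed sample: the approved response shown earlier on this page.
SAMPLE = {"success": True, "data": {
    "id": "card_txn_abc123", "status": "approved",
    "card_credentials": {"number": "4242837419283847",
                         "exp_month": 3, "exp_year": 2028, "cvc": "847"},
    "valid_for_seconds": 300}}

if __name__ == "__main__":
    build_logger().info("purchase response: %s", SAMPLE)
```

The pattern match only catches card-number-length digit runs in free text; a three-digit CVC written into a message string is indistinguishable from other numbers, so credentials should stay in the structured response and never be interpolated by hand.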

---

# SUPPORT

- Dashboard: https://clawvault.cc
- Docs: https://clawvault.cc/docs
- API Status: https://api.clawvault.cc/health
- Source: https://github.com/andrewszk/clawvault-mcp-server
