Security checks across malware telemetry and agentic risk
This needs Review because the listing context is ticket-focused while the artifacts give an agent broad real-money shopping, payment-link, and x402 payment authority.
Install only if you intend to give an agent a broad CreditClaw wallet, not just a ticket-buying helper. Keep approval required for every purchase, set low limits and merchant or category allowlists, review payment-link and x402 behavior before enabling them, protect CREDITCLAW_API_KEY as a spending credential, and review any remote guide files before letting an agent follow them.
### Checkout Request
```bash
curl -X POST https://creditclaw.com/api/v1/bot/merchant/checkout \
-H "Authorization: Bearer $CREDITCLAW_API_KEY" \
-H "Content-Type: application/json" \
-d '{## How It Works Self-hosted cards use a split-knowledge privacy model. Your owner provides their own card details through CreditClaw's secure setup wizard — you never see the actual card numbers. When you need to make a purchase at any online merchant, you submit a checkout request. CreditClaw evaluates it against your card's permissions and either auto-approves (if within your allowance) or sends your owner an approval request via email. **Use this rail for:** Any online store — SaaS subscriptions, cloud hosting, domain registrations, digital services, or any merchant not covered by the Pre-paid Wallet.
1. You submit a checkout request with merchant and amount details 2. CreditClaw evaluates the request against your card's permissions 3. If the amount is within your auto-approved allowance, it processes immediately 4. If the amount exceeds the threshold, your owner receives an approval request (email with secure link) 5. You poll for the result 6. Once approved, the transaction is recorded
## Allowance Thresholds Your owner sets a per-profile allowance threshold for each card. Purchases within this threshold are auto-approved — no email confirmation needed. Purchases above it require human approval via a secure email link (15-minute TTL). Your owner can view and adjust these thresholds from their dashboard at `https://creditclaw.com/app/self-hosted`.
**You must follow these rules:** - If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable. - If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval. - If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval. - **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined. - Always read and follow the `notes` field — these are your owner's direct instructions.
**You must follow these rules:** - If `approval_mode` is `ask_for_everything`, ask your human before any purchase to get their approval. **New accounts default to this mode.** Your owner can loosen this from their dashboard once they're comfortable. - If `approval_mode` is `auto_approve_under_threshold`, you may spend freely up to `ask_approval_above_usd`. Anything above that requires owner approval. - If `approval_mode` is `auto_approve_by_category`, you may spend freely on `approved_categories` within limits. All others require approval. - **Never** spend on `blocked_categories`. These are hard blocks enforced server-side and will be declined. - Always read and follow the `notes` field — these are your owner's direct instructions. - Cache this for up to 30 minutes. Do not fetch before every micro-purchase.
66/66 vendors flagged this skill as clean.