ClawHub

Visa Intelligent Commerce - Compatible Cards, wallets & payments

v1.0.0

VISA Intelligent Commerce compatible Payments & Wallet - Give your agent spending power. Financial management for Agents and OpenClaw bots.

0· 167·0 current·0 all-time
by@jononovo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent spending, wallets, purchases) align with requested resources: a single service API key (CREDITCLAW_API_KEY) and HTTP calls to https://creditclaw.com/api/v1. There are no unrelated environment variables, binaries, or config paths required.
Instruction Scope
All runtime instructions are API-driven and constrained to CreditClaw endpoints (checkout, rail5, stripe-wallet, status, webhooks, etc.). The docs explicitly describe handling of sensitive data (one-time AES-256-GCM decryption of card data in-memory) and warn not to leak the API key. This is expected for a payments skill but implies the agent must perform cryptographic operations and strictly avoid persisting secrets — the operator should ensure the agent environment and policies enforce that.
Install Mechanism
Instruction-only skill with no install spec and no code files to run locally. This is the lowest-risk install model; nothing is downloaded or executed by an installer.
Credentials
Only CREDITCLAW_API_KEY is required (declared as primary credential). That single secret is proportional to the described functionality. The SKILL.md warns not to send the key to other domains. I saw no requests for unrelated credentials or file-system paths.
Persistence & Privilege
Skill is not always-included (always: false) and uses the platform default allowing model invocation. It does not request system-wide config changes or access to other skills' credentials. Because it enables monetary operations, operators should be mindful of autonomous invocation but that is a normal platform behavior and not in itself an incoherence.
Assessment
This skill appears coherent for enabling agent spending via CreditClaw: it only needs one API key and instructs the agent to call CreditClaw APIs. Before installing, confirm you trust https://creditclaw.com and are willing to give an agent the ability to make network requests that can spend funds. Ensure the API key is stored securely (secret manager), that your agent enforces the documented approval_mode (default 'ask for everything' is safest), and that the agent runtime will not persist decrypted card data or log secrets. If you want stricter control, configure owner approval thresholds and review transaction logs on the dashboard rather than granting broad autonomous spend permissions.

Like a lobster shell, security has layers — review code before you run it.

Visa Intelligent Commercevk9767awkneyhm7eqy8nqvw950182ratvcardsvk9767awkneyhm7eqy8nqvw950182ratvcheckoutvk9767awkneyhm7eqy8nqvw950182ratvcommercevk9767awkneyhm7eqy8nqvw950182ratvintelligentvk9767awkneyhm7eqy8nqvw950182ratvlatestvk9767awkneyhm7eqy8nqvw950182ratvpayvk9767awkneyhm7eqy8nqvw950182ratvpaymentsvk9767awkneyhm7eqy8nqvw950182ratvvisavk9767awkneyhm7eqy8nqvw950182ratvwalletvk9767awkneyhm7eqy8nqvw950182ratv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCREDITCLAW_API_KEY
Primary envCREDITCLAW_API_KEY

Comments