Install
openclaw skills install @lucaslubi/fidacy-payment-firewallUse BEFORE any payment or money-moving tool call. Gates the action against a signed mandate and returns a signed, verifiable verdict, so a prompt-injected or hallucinated payment (wrong/lookalike payee, over cap, duplicate invoice) is blocked before money moves. Non-custodial.
openclaw skills install @lucaslubi/fidacy-payment-firewallAn agent can be prompt-injected or hallucinate into a payment: wrong payee, an inflated amount, or the same invoice paid twice. Your own log is not evidence. Fidacy puts a signed, independently-verifiable verdict on every money-moving action and blocks the bad one before it settles. It moves no money.
Invoke it the moment you are about to run a tool that moves money or authorizes
a payment (pay, transfer, send_payment, checkout, invoice settlement, a
Hermes/Lightning send, an AP2 mandate). Also use it to put a signed trust verdict
on any high-stakes action you want to be able to prove later.
This skill drives the @fidacy/mcp plugin's tools. Wire it into your
pre-action / tool-execution hook:
Before paying — call request_payment with { payee, amount, currency, purpose, category, idempotencyKey, invoiceRef? }.
payee_not_in_allowlist, per_tx_cap_exceeded, duplicate_invoice…). Stop
and report it.invoiceRef when you have one: Fidacy enforces one payment per
invoice, so a re-presented invoice (even at a different amount, or with
case/spacing tweaks) is blocked — the core BEC defense.To see the guardrails — call verify_mandate: returns the active mandate
(caps, allowed payees/categories, window) and Fidacy's public key.
To prove what was blocked/allowed — call get_audit_proof with the
decisionId: returns the tamper-evident, hash-chained proof.
For a signed verdict on any action — call assess_action: returns a
riskPayloadJws that anyone can re-verify against the public JWKS at
https://api.fidacy.com/.well-known/jwks.json. Attach it to the action's
audit trail; you don't have to trust Fidacy — you verify the signature.
On OpenClaw, prefer the native plugin — same 5 tools, in-process, no MCP subprocess:
openclaw plugins install @fidacy/openclaw-plugin
On any other MCP host (Claude Code, Claude Desktop, Hermes…), install the MCP server — it runs locally, offline, deny-by-default, no account:
{
"mcpServers": {
"fidacy": { "command": "npx", "args": ["-y", "@fidacy/mcp"] }
}
}
Add trusted payees + caps in ~/.fidacy/config.json (or set a full mandate via
FIDACY_MANDATE_JSON). Set FIDACY_ENGINE_API_KEY to enable assess_action
verdicts. Upgrade to the hosted core with FIDACY_MODE=http.
Pairs with the fidacy-fraud-detector skill: this firewall guards the payments YOUR agent makes; the fraud detector catches the forged "this was approved" claims OTHER agents hand you.