Sardis — Payment OS for AI Agents

v1.1.0

Payment OS for AI agents. Create MPC wallets, execute stablecoin payments with automatic policy enforcement, set spending rules in natural language, check ba...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for efedurmaz16/sardis.

Install the skill "Sardis — Payment OS for AI Agents" (efedurmaz16/sardis) from ClawHub.
Skill page: https://clawhub.ai/efedurmaz16/sardis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SARDIS_API_KEY
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sardis

ClawHub CLI

npx clawhub@latest install sardis

Security Scan

VirusTotal: Benign
OpenClaw: Benign (medium confidence)

Purpose & Capability
Name/description (payment OS, wallets, policies, cards) align with the requested env var (SARDIS_API_KEY), required binary (curl), packaged code, and API endpoints. The package includes many payment-related subskills and a FastAPI-based local skill server consistent with the stated purpose.
Instruction Scope
SKILL.md contains straightforward curl-based instructions for wallet creation, payments, policy checks, etc., which stay within the payment domain. Notable issues: (1) inconsistent header examples (some examples use X-API-Key, others use Authorization: Bearer) which could cause confusion or incorrect usage; (2) examples show running a local FastAPI skill server and passing 'api_key' inside the request context — be careful not to log or expose keys when using the server. The instructions do not ask the agent to read unrelated local files or system credentials.
Install Mechanism
Install uses the 'uv' package kind (sardis-openclaw) and subskill SKILL.md examples reference installing @sardis/sdk via npm. There are no ad-hoc downloads from unknown URLs in the manifest. Installing npm packages or the upstream 'sardis' dependency introduces normal third-party package risk; this is expected for an SDK but should be reviewed. The install footprint and archive-extraction risk appear moderate and proportional to the skill's purpose.
Credentials
Primary credential is SARDIS_API_KEY which is appropriate for a payment integration. A few subskills (e.g., tempo-pay) mention additional env vars like SARDIS_WALLET_ID and SARDIS_TEMPO_RPC_URL — these are plausible for specialized features but mean additional secrets/config may be required for some functionality. No unrelated cloud or system credentials are requested.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or other skills' credentials. The skill can be invoked autonomously (default) — normal for skills — but because it can execute real payments, you should consider restricting autonomous payment execution or requiring human approval when deploying.
Assessment
This package appears to be what it says: a Sardis payment integration that needs a Sardis API key. Before installing: (1) Verify the upstream packages (pip 'sardis' and the GitHub repo) to ensure you're comfortable with third-party code; (2) Confirm what permissions the SARDIS_API_KEY grants in your Sardis account (limit it to test wallets or read-only if possible); (3) Prefer using the read-only subskill (sardis-balance) when exploring; (4) Resolve the header inconsistency (X-API-Key vs Authorization: Bearer) in your deployment to avoid accidental credential leakage; (5) If you allow autonomous agent invocation, require human approval or per-transaction confirmation for any real-money payments and enable the guardrails/kill-switch features; (6) Rotate keys after testing and monitor payment logs/alerts closely.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💳 Clawdis
Bins: curl
Env: SARDIS_API_KEY
Primary env: SARDIS_API_KEY

Install

uv: uv tool install sardis-openclaw

Tags: AI-agent, USDC, finance, latest, payments, wallet
MIT-0

Sardis — Payment OS for AI Agents

AI agents can reason, but they cannot be trusted with money. Sardis is how they earn that trust.

Sardis provides complete payment infrastructure for AI agents: non-custodial MPC wallets (Turnkey-backed), natural language spending policies, stablecoin transfers with automatic policy enforcement, virtual card issuance, and full audit trails with on-chain anchoring.

Setup

export SARDIS_API_KEY="sk_your_key_here"
export SARDIS_API_URL="https://api.sardis.sh"   # optional, defaults to production

Get your API key at https://app.sardis.sh or via the API:

curl -X POST https://api.sardis.sh/api/v2/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "your-password"}'

Security Requirements

CRITICAL — ALWAYS ENFORCE:

  • ALWAYS check spending policy before payment execution
  • NEVER bypass approval flows for transactions
  • NEVER hardcode wallet addresses or private keys
  • ALWAYS log transaction attempts for audit trail
  • ALWAYS verify recipient address format before sending
  • FAIL CLOSED on policy violations (deny by default)
  • Use X-API-Key header for authentication on every request

API Reference

Base URL: https://api.sardis.sh

All endpoints require the X-API-Key header.

1. Create Agent + Wallet

Provision an agent identity with an MPC wallet in one call.

curl -X POST https://api.sardis.sh/api/v2/agents \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-agent",
    "description": "Payment agent for OpenAI billing"
  }'

Response:

{
  "agent_id": "agt_abc123",
  "name": "my-agent",
  "wallet_id": "wal_xyz789",
  "addresses": {"base": "0x...", "tempo": "0x..."},
  "kya_tier": "standard",
  "created_at": "2026-03-26T12:00:00Z"
}

Then attach a dedicated wallet if needed:

curl -X POST https://api.sardis.sh/api/v2/agents/agt_abc123/wallet \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain": "base", "provider": "turnkey"}'

2. Send Payment

Unified payment endpoint with automatic policy enforcement, chain routing, and FX.

curl -X POST https://api.sardis.sh/api/v2/pay \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "openai.com",
    "amount": "25.00",
    "currency": "USDC",
    "chain": "base"
  }'

Response:

{
  "status": "completed",
  "tx_hash": "0xabc...def",
  "amount": "25.00",
  "currency": "USDC",
  "chain": "base",
  "policy_result": {"allowed": true, "checks_passed": ["daily_limit", "merchant_allowlist"]},
  "route": {"chain": "base", "provider": "alchemy", "gas_estimate": "0.0012"}
}

Omit chain to let Sardis auto-route to the cheapest chain:

curl -X POST https://api.sardis.sh/api/v2/pay \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"to": "anthropic.com", "amount": "100.00", "currency": "USDC"}'

3. Check Policy (Dry Run)

Pre-flight check whether a payment would be allowed by current policies.

curl -X POST https://api.sardis.sh/api/v2/policies/check \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agt_abc123",
    "amount": "50.00",
    "currency": "USDC",
    "merchant": "aws.amazon.com"
  }'

Response:

{
  "allowed": true,
  "reason": "All policy checks passed",
  "checks_passed": ["daily_limit", "per_tx_limit", "merchant_allowlist"],
  "checks_failed": [],
  "remaining_daily_limit": "450.00"
}

4. Set Policy (Natural Language)

Define spending rules in plain English. Sardis parses them into enforceable constraints.

curl -X POST https://api.sardis.sh/api/v2/policies/apply \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "agt_abc123",
    "natural_language": "Max $500 per day. Only allow OpenAI and Anthropic. No transactions over $200."
  }'

Response:

{
  "policy_id": "pol_def456",
  "agent_id": "agt_abc123",
  "parsed_rules": [
    {"type": "daily_limit", "value": "500.00", "currency": "USD"},
    {"type": "merchant_allowlist", "merchants": ["openai.com", "anthropic.com"]},
    {"type": "per_transaction_limit", "value": "200.00", "currency": "USD"}
  ],
  "version": 3,
  "applied_at": "2026-03-26T12:05:00Z"
}

You can also preview before applying:

curl -X POST https://api.sardis.sh/api/v2/policies/preview \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agt_abc123", "natural_language": "Block all payments over $1000"}'

5. Check Balance

# Single-chain balance
curl -X GET "https://api.sardis.sh/api/v2/wallets/wal_xyz789/balance?chain=base" \
  -H "X-API-Key: $SARDIS_API_KEY"

Response:

{
  "wallet_id": "wal_xyz789",
  "chain": "base",
  "balance": "1250.00",
  "currency": "USDC",
  "updated_at": "2026-03-26T12:00:00Z"
}

# Multi-chain balances (all chains at once)
curl -X GET "https://api.sardis.sh/api/v2/wallets/wal_xyz789/balances" \
  -H "X-API-Key: $SARDIS_API_KEY"

6. Issue Virtual Card

Issue a stablecoin-funded virtual Visa card for real-world purchases.

curl -X POST https://api.sardis.sh/api/v2/cards/virtual/issue \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": "25.00",
    "card_type": "single_use"
  }'

Response:

{
  "card_id": "crd_abc123",
  "card_number": "4242424242424242",
  "cvv": "123",
  "expiry": "12/27",
  "amount": "25.00",
  "currency": "USD",
  "card_type": "single_use",
  "status": "active"
}
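
An added example (not part of the Sardis skill or its SDK) of the audit-trail requirement applied to this response: it builds one JSON log line per call while redacting the X-API-Key and Authorization headers, any api_key or password field, and the card's cvv, and masking card_number to its last four digits. The function names and field sets are hypothetical, and the sample values are constructed from the response above.

```python
import json

# Assumption: these names cover the secrets that appear on this page.
SECRET_HEADERS = {"x-api-key", "authorization"}
SECRET_FIELDS = {"api_key", "cvv", "password"}
PAN_FIELDS = {"card_number"}

# Constructed sample: the card-issue response shown above, trimmed.
SAMPLE_CARD = {"card_id": "crd_abc123", "card_number": "4242424242424242",
               "cvv": "123", "expiry": "12/27", "amount": "25.00", "status": "active"}


def scrub(value, key=""):
    """Recursively redact secret fields and mask card numbers to the last four digits."""
    name = key.lower()
    if name in SECRET_FIELDS:
        return "[REDACTED]"
    if name in PAN_FIELDS:
        digits = str(value)
        return "*" * max(len(digits) - 4, 0) + digits[-4:]
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value


def audit_record(method, url, headers, request_body, status, response_body):
    """Build one JSON audit line with credentials and card data removed."""
    safe_headers = {
        name: "[REDACTED]" if name.lower() in SECRET_HEADERS else val
        for name, val in headers.items()
    }
    return json.dumps({
        "method": method,
        "url": url,
        "headers": safe_headers,
        "request": scrub(request_body),
        "status": status,
        "response": scrub(response_body),
    }, sort_keys=True)
```

Write the returned line to the audit log instead of the raw request and response; header matching is case-insensitive, so both header styles are covered.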

7. Wallet Transfer (Direct)

Transfer stablecoins from a specific wallet (with automatic policy enforcement).

curl -X POST https://api.sardis.sh/api/v2/wallets/wal_xyz789/transfer \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb",
    "amount": "50.00",
    "token": "USDC",
    "chain": "base",
    "agent_id": "agt_abc123"
  }'

Response:

{
  "tx_hash": "0xdef...abc",
  "status": "confirmed",
  "amount": "50.00",
  "token": "USDC",
  "chain": "base",
  "block_number": 12345678
}

8. Transaction Status

curl -X GET "https://api.sardis.sh/api/v2/transactions/status/0xabc...def" \
  -H "X-API-Key: $SARDIS_API_KEY"

9. Agent Spending Analytics

curl -X GET "https://api.sardis.sh/api/v2/agents/agt_abc123/spending" \
  -H "X-API-Key: $SARDIS_API_KEY"

10. Create Spending Mandate

Spending mandates define scoped, time-limited authority over funds.

curl -X POST https://api.sardis.sh/api/v2/mandates \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "wallet_id": "wal_xyz789",
    "agent_id": "agt_abc123",
    "max_amount": "1000.00",
    "currency": "USDC",
    "expires_at": "2026-04-01T00:00:00Z",
    "merchant_allowlist": ["openai.com", "anthropic.com"]
  }'

Complete Onboarding Flow

# 1. Create agent (auto-provisions wallet)
AGENT=$(curl -s -X POST https://api.sardis.sh/api/v2/agents \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "billing-agent", "description": "Handles API billing"}')
AGENT_ID=$(echo "$AGENT" | jq -r '.agent_id')
WALLET_ID=$(echo "$AGENT" | jq -r '.wallet_id')
echo "Agent: $AGENT_ID, Wallet: $WALLET_ID"

# 2. Set spending policy
curl -s -X POST https://api.sardis.sh/api/v2/policies/apply \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"agent_id\": \"$AGENT_ID\", \"natural_language\": \"Max \$100 per transaction, \$500 per day. Only OpenAI and Anthropic.\"}"

# 3. Check balance
curl -s -X GET "https://api.sardis.sh/api/v2/wallets/$WALLET_ID/balances" \
  -H "X-API-Key: $SARDIS_API_KEY" | jq '.'

# 4. Dry-run policy check
curl -s -X POST https://api.sardis.sh/api/v2/policies/check \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"agent_id\": \"$AGENT_ID\", \"amount\": \"25.00\", \"currency\": \"USDC\", \"merchant\": \"openai.com\"}"

# 5. Execute payment (policy auto-enforced)
curl -s -X POST https://api.sardis.sh/api/v2/pay \
  -H "X-API-Key: $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"to": "openai.com", "amount": "25.00", "currency": "USDC", "chain": "base"}'
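
The flow above runs the dry-run check in step 4 and then pays in step 5 without reading the result. An added example (not Sardis code) of a fail-closed gate between the two steps: it validates the recipient format and allows payment only on an explicit allow from /policies/check. The function names, the recipient patterns and the treatment of remaining_daily_limit as optional are assumptions; the sample address in section 7 has 39 hex digits, one short of an EVM address, and is rejected.

```python
import json
import re
from decimal import Decimal, InvalidOperation

# Assumptions (not from the Sardis API docs): an on-chain recipient is "0x" plus
# exactly 40 hex digits; a merchant recipient is a lowercase hostname.
EVM_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Constructed sample: the /policies/check response body shown earlier on this page.
SAMPLE_OK = ('{"allowed": true, "reason": "All policy checks passed", '
             '"checks_passed": ["daily_limit", "per_tx_limit", "merchant_allowlist"], '
             '"checks_failed": [], "remaining_daily_limit": "450.00"}')


def valid_recipient(to):
    """True only for a well-formed EVM address or merchant hostname."""
    return isinstance(to, str) and bool(EVM_ADDR.fullmatch(to) or HOSTNAME.fullmatch(to))


def _amount(value):
    """Parse a positive, finite decimal; None for anything else."""
    try:
        parsed = Decimal(value)
    except (InvalidOperation, TypeError, ValueError):
        return None
    return parsed if parsed.is_finite() and parsed > 0 else None


def preflight(to, amount, status, body):
    """Return (ok, reason) for a /policies/check result; anything unexpected denies."""
    if not valid_recipient(to):
        return False, "recipient format rejected"
    requested = _amount(amount)
    if requested is None:
        return False, "amount is not a positive decimal"
    if status != 200:
        return False, f"policy check returned HTTP {status}"
    try:
        result = json.loads(body)
    except (ValueError, TypeError):
        return False, "policy response is not JSON"
    if not isinstance(result, dict) or result.get("allowed") is not True:
        return False, "policy did not explicitly allow"
    if result.get("checks_failed") != []:
        return False, "checks_failed missing or non-empty"
    if "remaining_daily_limit" in result:  # optional field, enforced when present
        remaining = _amount(result["remaining_daily_limit"])
        if remaining is None or requested > remaining:
            return False, "amount exceeds remaining daily limit"
    return True, "ok"
```

Call /api/v2/pay only when preflight returns True, and log the reason string on every denial.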

Error Handling

Always check response status codes:

Code       Meaning
200 / 201  Success
400        Invalid parameters (check amount, address, token)
401        Invalid or missing API key
403        Policy violation — payment blocked by spending rules
404        Wallet, agent, or transaction not found
429        Rate limit exceeded
500        Internal error — contact support@sardis.sh

Example error (policy violation):

{
  "error": {
    "code": "POLICY_VIOLATION",
    "message": "Daily spending limit of $500 exceeded. Current: $475, Requested: $50",
    "details": {
      "limit": "500.00",
      "current": "475.00",
      "requested": "50.00"
    }
  }
}

Supported Chains & Tokens

Chain     Tokens
Base      USDC, EURC
Ethereum  USDC, USDT, PYUSD, EURC
Arbitrum  USDC, USDT
Optimism  USDC, USDT
Polygon   USDC, USDT, EURC
Tempo     pathUSD

Related Skills

  • sardis-balance — Read-only balance checking and analytics
  • sardis-policy — Natural language spending policy management
  • sardis-cards — Virtual card issuance and management
  • sardis-guardrails — Circuit breaker and kill switch controls
  • sardis-identity — Agent identity with TAP verification
  • sardis-escrow — Smart contract escrow for agent-to-agent payments
  • sardis-tempo-pay — MPP-native payments on Tempo mainnet
