playbooks

home / skills / openclaw / skills / agent-card-provisioning

agent-card-provisioning skill

/skills/proxyhq/agent-card-provisioning

This skill provisions on-demand virtual payment cards for AI agents with policy-driven controls and instant issuance.

npx playbooks add skill openclaw/skills --skill agent-card-provisioning

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
2.9 KB
---
name: agent-card-provisioning
description: Provision virtual payment cards for AI agents on-demand. Create single-use or limited cards with spending controls, merchant restrictions, and automatic expiration. Cards are issued instantly when policy allows.
---

# Agent Card Provisioning

Provision virtual payment cards for AI agents with built-in spending controls.

## How It Works

1. **Agent requests card** via payment intent
2. **Policy evaluates** the request (amount, merchant, limits)
3. **Card issued** if within policy OR **approval required** if over threshold
4. **Agent uses card** for the specific purchase
5. **Transaction tracked** and matched to intent

## Creating a Card (Intent-Based)

Cards are provisioned through payment intents, not created directly:

```
proxy.intents.create
├── merchant: "Amazon"
├── amount: 49.99
├── description: "Office supplies"
└── category: "office_supplies" (optional)
```

If approved (auto or manual), a card is issued:

```
Response:
├── id: "int_abc123"
├── status: "pending" or "card_issued"
├── cardId: "card_xyz789"
└── message: "Card issued successfully"
```

## Getting Card Details

### Masked (for display)
```
proxy.cards.get { cardId: "card_xyz789" }
→ { last4: "4242", brand: "Visa", status: "active" }
```

### Full Details (for payment)
```
proxy.cards.get_sensitive { cardId: "card_xyz789" }
→ {
    pan: "4532015112830366",
    cvv: "847",
    expiryMonth: "03",
    expiryYear: "2027",
    billingAddress: {
      line1: "123 Main St",
      city: "New York",
      state: "NY",
      postalCode: "10001",
      country: "US"
    }
  }
```

## Card Controls (via Policy)

Policies define what cards can be used for:

| Control | Description |
|---------|-------------|
| **Spending limit** | Max per transaction |
| **Daily/monthly limits** | Cumulative caps |
| **Merchant categories** | Allowed/blocked MCCs |
| **Auto-approve threshold** | Below = instant, above = human approval |
| **Expiration** | Card validity period |

## Card Lifecycle

```
Intent Created
      │
      ▼
┌─────────────┐
│   Policy    │
│  Evaluation │
└──────┬──────┘
       │
  ┌────┴────┐
  ▼         ▼
Auto     Needs
Approve  Approval
  │         │
  ▼         ▼
Card     [Human]
Issued      │
  │         │
  ◀─────────┘
  │
  ▼
Card Used
  │
  ▼
Transaction
 Matched
  │
  ▼
Card
Expired
```

## Best Practices

1. **One intent per purchase** - Creates audit trail
2. **Descriptive intent names** - Helps reconciliation
3. **Set reasonable policies** - Balance autonomy vs control
4. **Monitor transactions** - Use `proxy.transactions.list_for_card`

## Security

- Cards are single-purpose (one intent = one card)
- Unused cards auto-expire
- Full PAN only via `get_sensitive` (requires auth)
- All transactions logged and reconciled

Overview

This skill provisions virtual payment cards for AI agents on demand, issuing single-use or limited-purpose cards instantly when policy allows. It enforces spending controls, merchant restrictions, and automatic expiration to minimize risk and simplify reconciliation. Cards are issued through payment intents so every card maps to a specific purchase intent and audit trail.

How this skill works

An agent creates a payment intent with amount, merchant, description, and optional category. The policy engine evaluates the intent against spending limits, merchant rules, and approval thresholds. If the intent meets auto-approve rules a card is issued immediately; otherwise the intent is flagged for human approval. Issued cards can be retrieved in masked form for display or in full (PAN/CVV) for payment processing under proper authorization.

When to use it

  • Enable AI agents to make bounded purchases without exposing reusable credentials
  • Create one-card-per-purchase audit trails for expense tracking and compliance
  • Limit agent spending with per-transaction, daily, or monthly caps
  • Restrict purchases to approved merchant categories or specific merchants
  • Automate low-risk purchases while routing high-value requests for manual approval

Best practices

  • Use one intent per purchase to maintain clear, auditable records
  • Give descriptive intent names and categories to simplify reconciliation
  • Define reasonable auto-approve thresholds to balance speed and control
  • Configure merchant category allowlists/denylists to prevent misuse
  • Monitor transactions regularly and reconcile via the transactions listing endpoint

Example use cases

  • An AI procurement assistant requests a virtual card to buy office supplies on Amazon for a single order
  • A chat-based agent purchases cloud credits subject to a monthly budget cap
  • A research agent accesses paid datasets with cards restricted to approved vendor MCCs and auto-expiring after use
  • Automated testing uses single-use cards to validate payment flows without exposing long-term credentials
  • A finance workflow issues cards for contractors with strict per-transaction and time-limited access

FAQ

How is a card tied to an intent?

Cards are provisioned only through payment intents; each issued card is linked to the originating intent ID so every transaction can be matched back to its request.

Can I retrieve full PAN details programmatically?

Yes, full PAN and CVV are available via the sensitive card details endpoint but require proper authorization and should be used only for payment processing.