home / skills / openclaw / skills / ai-agent-card-payments
This skill enables autonomous AI agents to issue and use virtual cards for policy-compliant purchases with optional approvals.
npx playbooks add skill openclaw/skills --skill ai-agent-card-paymentsReview the files below or copy the command above to add this skill to your agents.
---
name: ai-agent-card-payments
description: Virtual card payments for AI agents. Create intents, issue cards within policy, and make autonomous purchases with approvals for high-value spend.
---
# AI Agent Card Payments
Enable an AI agent to make purchases with virtual cards while Proxy enforces policy.
## What this enables
- Autonomous purchasing within limits
- Per-intent card issuance or unlock
- Policy enforcement with optional human approval
- Evidence and receipt attachment for audit trails
## Quick start (agent token)
```
1) proxy.kyc.status
2) proxy.balance.get
3) proxy.policies.simulate (optional)
4) proxy.intents.create
5) if approvalRequired/pending_approval -> proxy.intents.request_approval
6) proxy.cards.get_sensitive
7) proxy.transactions.list_for_card
```
## MCP server config
```json
{
"mcpServers": {
"proxy": {
"type": "http",
"url": "https://mcp.useproxy.ai/api/mcp",
"headers": {
"Authorization": "Bearer $PROXY_AGENT_TOKEN"
}
}
}
}
```
## Core tools (agent token)
### Intents + cards
- proxy.intents.create (agent token required)
- proxy.intents.list
- proxy.intents.get
- proxy.cards.get_sensitive
### Policy + status
- proxy.policies.get
- proxy.policies.simulate
- proxy.kyc.status
- proxy.balance.get
- proxy.tools.list
### Transactions + evidence
- proxy.transactions.list_for_card
- proxy.transactions.get
- proxy.receipts.attach
- proxy.evidence.list_for_intent
### Merchant intelligence (advisory)
- proxy.merchants.resolve
- proxy.mcc.explain
- proxy.merchants.allowlist_suggest
## Human-only tools
These are blocked for agent tokens and live in the dashboard or via OAuth:
- proxy.funding.get
- proxy.cards.list / get / freeze / unfreeze / rotate / close
- proxy.intents.approve / reject
- proxy.webhooks.list / test_event
## Example: complete purchase
```
proxy.intents.create(
purpose="Buy API credits",
expectedAmount=5000,
expectedMerchant="OpenAI"
)
proxy.cards.get_sensitive(
cardId="card_xyz",
intentId="int_abc123",
reason="Complete OpenAI checkout"
)
```
If the intent is pending approval, call:
```
proxy.intents.request_approval(
intentId="int_abc123",
context="Above auto-approve threshold"
)
```
## Best practices
- Use per-agent tokens for autonomous runs; rotate on compromise.
- Simulate before creating intents to reduce failed attempts.
- Constrain intents with expectedAmount and expectedMerchant.
- Treat MCC/merchant allowlists as advisory unless issuer enforcement is enabled.
- Never log PAN/CVV from proxy.cards.get_sensitive.
This skill enables AI agents to make virtual card payments under enforced policy controls. It provides intent-based card issuance, optional human approvals for high-value spend, and attachments for receipts and evidence to support audits. The skill is designed for autonomous agents that need constrained, auditable purchasing capability.
Agents create an intent describing purpose, expected amount, and merchant; the proxy evaluates policy and either auto-approves or marks the intent pending approval. When allowed, the agent requests a sensitive card payload scoped to that intent and completes the transaction. Transactions, receipts, and evidence are recorded and available for audit and troubleshooting.
What happens if an intent exceeds the auto-approve threshold?
The intent is marked pending approval; the agent can request human approval through the proxy and proceed only after approval is granted.
Can agents access long-lived cards or freeze/close cards?
No. Long-lived card management and freeze/close operations are restricted to human dashboards or OAuth-controlled flows.