← Back to Skills Marketplace
232
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install visa-virtual-cards
Description
VISA Virtual Cards | Manage compatible cards, wallets & payments. Financial management for Agents and OpenClaw bots.
Usage Guidance
This skill appears to be what it says: a CreditClaw payment/virtual-card integration that needs only CREDITCLAW_API_KEY. Before installing or enabling it for an autonomous agent, consider the following:
- Treat CREDITCLAW_API_KEY like a sensitive secret and do not expose it anywhere else; follow the skill's warning. Rotate the key if you suspect leakage.
- The agent will retrieve one-time decryption keys and decrypt card details in memory. Ensure your agent runtime can hold secrets securely and will not log or persist decrypted card data (PCI considerations).
- By default the service uses approval_mode: ask_for_everything, but owners can change settings. If you plan to allow autonomous spending, require strict per-transaction and daily limits, domain allowlists, and require approval above small thresholds.
- Test in sandbox / staging first (the docs reference sandbox/test flows) and monitor webhook logs, transaction history, and owner notifications. Restrict agent network access if you want to limit where it can send sensitive data.
- If you need higher assurance, ask the skill publisher for an independent security / PCI attestation and confirm the real production domain and published API docs match these files.
Capability Analysis
Type: OpenClaw Skill
Name: visa-virtual-cards
Version: 2.3.4
The visa-virtual-cards skill bundle provides a comprehensive framework for AI agents to manage financial transactions, including spending via virtual cards and receiving payments through Stripe. The bundle includes detailed instructions for secure registration, server-side spending limit enforcement, and an encrypted checkout flow (Rail 5) using AES-256-GCM. While the skill handles sensitive financial capabilities, it incorporates robust security warnings (e.g., in skill.md and encrypted-card.md), emphasizes human-in-the-loop approval processes, and lacks any evidence of malicious intent, data exfiltration, or unauthorized execution logic.
Capability Assessment
Purpose & Capability
Name/description (virtual cards, wallets, payments) match the declared API base, endpoints, and required env var (CREDITCLAW_API_KEY). The documented endpoints (checkout, encrypted-card flow, stripe x402, top-ups, webhooks) are coherent with a payments/virtual-card management skill.
Instruction Scope
Runtime docs instruct the agent to perform sensitive operations (retrieve one-time AES-256-GCM decryption keys, decrypt card details in memory, complete checkouts, confirm results, poll status endpoints). That scope is expected for a checkout/virtual-card skill but requires the agent to handle raw card data in-memory and follow strict non-persistence rules (the docs explicitly warn not to store logs). Also the SKILL.md encourages fetching companion docs from creditclaw.com — harmless but implies network fetches of remote docs at runtime.
Install Mechanism
Instruction-only skill with no install spec and no binaries to install — lowest-risk install mechanism. All calls are to creditclaw.com; no third-party download URLs or extract steps are present.
Credentials
Only CREDITCLAW_API_KEY is required and declared as the primary credential. That single API key is proportionate to the stated purpose. The docs explicitly warn never to send the API key to other domains.
Persistence & Privilege
always:false (normal). disable-model-invocation:false means the skill may be invoked autonomously (the platform default). Because this skill can spend real funds, autonomous invocation increases blast radius if owner-side guardrails are loosened — however the default account mode is documented as approval_mode: ask_for_everything and server-side guardrails are described. Users should be aware of the financial implications of enabling autonomous agents with this skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install visa-virtual-cards - After installation, invoke the skill by name or use
/visa-virtual-cards - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.4
visa-virtual-cards 2.3.4
- Updated documentation with detailed security practices and end-to-end usage guidance.
- Clarified multi-rail payment support, including Stripe Wallet (x402) and upcoming Crossmint Wallet support.
- Included quick start instructions and links to all component skill files for streamlined onboarding.
- Reinforced security recommendations and owner permission guardrails.
- No functional API changes noted; update is documentation-focused.
Metadata
Frequently Asked Questions
What is VISA Virtual Cards | Manage compatible cards, wallets & payments?
VISA Virtual Cards | Manage compatible cards, wallets & payments. Financial management for Agents and OpenClaw bots. It is an AI Agent Skill for Claude Code / OpenClaw, with 232 downloads so far.
How do I install VISA Virtual Cards | Manage compatible cards, wallets & payments?
Run "/install visa-virtual-cards" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is VISA Virtual Cards | Manage compatible cards, wallets & payments free?
Yes, VISA Virtual Cards | Manage compatible cards, wallets & payments is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does VISA Virtual Cards | Manage compatible cards, wallets & payments support?
VISA Virtual Cards | Manage compatible cards, wallets & payments is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created VISA Virtual Cards | Manage compatible cards, wallets & payments?
It is built and maintained by jononovo (@jononovo); the current version is v2.3.4.
More Skills