Sardis Cards
by EfeDurmaz16 · v1.0.0
318 Downloads · 1 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install sardis-cards
Description
Virtual card issuance and management for AI agents to make real-world purchases
Usage Guidance
This skill appears to do what it says (manage virtual cards) and only asks for a SARDIS_API_KEY, which is appropriate. Before installing:
1) Verify the npm package '@sardis/sdk' and the domain https://sardis.sh are legitimate and trustworthy — the SKILL.md references an npm install even though the registry entry shows no install spec.
2) If you allow the SDK to be installed, review its code or use a scoped/trusted package mirror.
3) Limit autonomous invocation or require manual confirmation for actions that create cards or call the 'reveal' endpoint (full card numbers/CVV); otherwise an agent could create cards or expose sensitive data without oversight.
4) Keep the SARDIS_API_KEY secret, rotate it if compromised, and do not paste it into logs or public channels.
5) Note the examples use bc for numeric checks but bc is not listed as required; ensure your runtime has needed binaries.
If you want a lower-risk install, ask the skill author to: include a clear install spec in the registry, declare all required binaries, and document the exact npm package version or provide a vetted SDK.
Capability Analysis
Type: OpenClaw Skill
Name: sardis-cards
Version: 1.0.0
The sardis-cards skill provides a legitimate interface for managing virtual payment cards via the Sardis API (api.sardis.sh). The documentation (SKILL.md) includes strong security guardrails, explicitly instructing the AI agent to never log full card numbers, enforce spending limits, and freeze cards upon detecting anomalies. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
Name, description, and required items line up: it manages virtual cards and only requests a SARDIS_API_KEY plus curl and jq. The API endpoints and examples are coherent with a card-management service.
Instruction Scope
SKILL.md stays within the card-management domain (issue, reveal, freeze, limit updates). It warns not to log full card numbers. Minor scope issues: example scripts use bc (for numeric comparison) but bc is not listed in required binaries; one example is truncated. The SKILL.md instructs retrieving sensitive card details (reveal endpoint) which is expected but high-risk — the agent must be constrained to avoid accidental exfiltration.
Install Mechanism
Registry metadata indicated no install spec, but the SKILL.md metadata includes an npm install of '@sardis/sdk'. This mismatch is concerning: either the registry omitted an install step or the skill is relying on an npm SDK that will be pulled at runtime. Installing an npm package is a non-trivial trust action — verify package provenance and review the SDK before allowing automatic installs.
Credentials
Only one credential is requested (SARDIS_API_KEY) and it is the primary credential — appropriate and proportional for a payment-card API. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. However, it is allowed to be invoked autonomously (platform default). Because the skill can create cards and reveal full PAN/CVV data, consider requiring user confirmation or restricting autonomous actions to reduce financial risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sardis-cards
- After installation, invoke the skill by name or use /sardis-cards
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of sardis-cards, enabling virtual card issuance and management for AI agents:
- Issue and manage virtual cards with customizable spending and merchant controls.
- Instantly freeze/unfreeze cards and respond to suspicious activity with automatic fraud detection.
- Monitor real-time transactions, set per-transaction/daily/monthly limits, and view transaction history.
- Securely retrieve masked or full card details and comply with strict security policies.
- Provides API examples and bash scripts for common card operations.
Frequently Asked Questions
What is Sardis Cards?
Virtual card issuance and management for AI agents to make real-world purchases. It is an AI Agent Skill for Claude Code / OpenClaw, with 318 downloads so far.
How do I install Sardis Cards?
Run "/install sardis-cards" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sardis Cards free?
Yes, Sardis Cards is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Sardis Cards support?
Sardis Cards is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Sardis Cards?
It is built and maintained by EfeDurmaz16 (@efedurmaz16); the current version is v1.0.0.