← Back to Skills Marketplace
Aurex
by
aurexcards
· GitHub ↗
· v1.0.2
309
Downloads
1
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install aurex
Description
Issue virtual crypto-funded cards and manage payments with the Aurex API. Use when users want to create virtual Visa/Mastercard cards, handle crypto deposits...
README (SKILL.md)
Aurex
Issue virtual crypto-funded cards and manage payments programmatically using the Aurex API.
Setup
Get your API key at aurex.cash → Dashboard → API Keys.
export AUREX_API_KEY="your-api-key"
Base URL: https://aurex.cash/api/dashboard
Auth: Authorization: Bearer $AUREX_API_KEY
Rate limit: 60 requests/minute
Security
- Store
AUREX_API_KEYin environment variables only — never hardcode or log it - Card details (number, CVV, expiry, OTP) are sensitive — never log or store them in plaintext
- Only request card details when strictly necessary for the user's task
- Treat CVV and OTP as single-use secrets — discard after use
Users
Create a user
POST /users
Authorization: Bearer $AUREX_API_KEY
Content-Type: application/json
{ "name": "John Doe", "email": "[email protected]" }
Get a user
GET /users/:userId
Authorization: Bearer $AUREX_API_KEY
Get wallet address for deposits
GET /users/:userId/wallet
Authorization: Bearer $AUREX_API_KEY
Returns a deposit address. Send SOL, USDT, or USDC to fund the wallet.
Cards
Issue a card
POST /cards
Authorization: Bearer $AUREX_API_KEY
Content-Type: application/json
{ "userId": "user_123", "name": "Shopping Card", "amount": 50 }
Get card details
GET /cards/:cardId
Authorization: Bearer $AUREX_API_KEY
Returns card number, CVV, expiry, OTP. Handle with care — never log these values.
Top up a card
POST /cards/:cardId/topup
Authorization: Bearer $AUREX_API_KEY
Content-Type: application/json
{ "amount": 25 }
List cards
GET /cards?userId=user_123
Authorization: Bearer $AUREX_API_KEY
Get transactions
GET /cards/:cardId/transactions
Authorization: Bearer $AUREX_API_KEY
Commission
Set partner markup
POST /partner/markup
Authorization: Bearer $AUREX_API_KEY
Content-Type: application/json
{ "markup": 5 }
Get commission earnings
GET /partner/commission
Authorization: Bearer $AUREX_API_KEY
Common Workflows
Issue a card end-to-end
- Create user:
POST /users - Get deposit address:
GET /users/:id/wallet - User sends crypto to that address
- Issue card:
POST /cards - Return card details to user securely
Top up an existing card
- Check wallet balance:
GET /users/:id/wallet - Top up:
POST /cards/:id/topup - Confirm balance:
GET /cards/:id
Error Codes
| Status | Meaning |
|---|---|
| 401 | Invalid or missing API key |
| 404 | User or card not found |
| 422 | Insufficient wallet balance |
| 429 | Rate limit exceeded |
TypeScript SDK
npm install @aurexcash/agent
import { createAurexTools } from '@aurexcash/agent'
const tools = createAurexTools({ apiKey: process.env.AUREX_API_KEY })
// Works with Claude, OpenAI, Vercel AI SDK
Resources
- Website: aurex.cash
- Docs: docs.aurex.cash
- Support: [email protected]
Usage Guidance
This skill appears to do what it says: talk to aurex.cash using an AUREX_API_KEY to create and manage virtual cards. Before installing or using it, confirm you trust the aurex.cash service and the npm package @aurexcash/agent (if you plan to install it). Resolve the metadata mismatch: the registry listing did not show required env vars while the SKILL.md requires AUREX_API_KEY. Treat card details (number, CVV, OTP) as highly sensitive: ensure the agent or your integration never logs them, transmits them over insecure channels, or stores them in plaintext. Limit the API key's permissions if the provider supports it and rotate/revoke the key if you stop using the skill.
Capability Analysis
Type: OpenClaw Skill
Name: aurex
Version: 1.0.2
The skill bundle provides documentation for an API to manage virtual crypto-funded cards. The `SKILL.md` file clearly outlines API endpoints, usage, and includes explicit security warnings regarding the handling of sensitive data like API keys and card details. There are no instructions for the AI agent to perform malicious actions, exfiltrate data, or engage in prompt injection for harmful purposes. The `npm install` instruction is part of a TypeScript SDK example, not a direct command for malicious execution.
Capability Assessment
Purpose & Capability
The skill is an API-integration for issuing and managing virtual cards. Declaring an Aurex API key (AUREX_API_KEY) and calling aurex.cash endpoints is consistent with that purpose.
Instruction Scope
SKILL.md limits actions to HTTP calls to aurex.cash and explicitly warns not to log card secrets. It instructs retrieving full card details (number, CVV, expiry, OTP) and returning them to the user — which is expected for this use case but is a high-sensitivity operation. The guidance does not specify secure transmission/storage mechanisms beyond 'never log', so implementers must ensure secure handling when returning/relaying these secrets.
Install Mechanism
This is instruction-only (no install spec), which is low-risk. The doc mentions an npm TypeScript SDK (@aurexcash/agent) but there's no install specification or code included; callers must install the SDK separately if needed. No downloads or extracted archives are present.
Credentials
The skill requires a single API secret (AUREX_API_KEY), which is proportionate. However, registry metadata provided to you lists 'no required env vars' while SKILL.md declares AUREX_API_KEY (required). This metadata mismatch should be resolved before trusting automated installation or UI prompts that rely on registry fields.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform-normal). No instructions modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install aurex - After installation, invoke the skill by name or use
/aurex - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added security guidance for handling API keys and sensitive card details.
- Updated description and workflow instructions to emphasize secure handling and not logging card data.
- Added credentials section with explicit instructions for storing the API key safely.
- Minor clarifications and best practices included in API usage examples.
v1.0.1
- Simplified documentation for easier reference, combining key API examples and workflows into a concise format.
- Removed separate reference files (cards.md, commission.md, users.md); all core documentation is now in SKILL.md.
- Clarified setup instructions and included direct links for API key access.
- Streamlined API usage sections for users, cards, and commission management.
- Kept error code references and SDK installation instructions for quick onboarding.
v1.0.0
Aurex API Skill 1.0.0 — Initial Release
- Provides API integration for creating and managing users, issuing virtual crypto-funded cards, and setting up commission infrastructure.
- Includes step-by-step quick start, detailed endpoint references, and authentication guidance.
- Outlines error handling, response codes, and key operational rules.
- Documents Aurex's wallet/card two-layer balance model and supported crypto currencies.
Metadata
Frequently Asked Questions
What is Aurex?
Issue virtual crypto-funded cards and manage payments with the Aurex API. Use when users want to create virtual Visa/Mastercard cards, handle crypto deposits... It is an AI Agent Skill for Claude Code / OpenClaw, with 309 downloads so far.
How do I install Aurex?
Run "/install aurex" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Aurex free?
Yes, Aurex is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Aurex support?
Aurex is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Aurex?
It is built and maintained by aurexcards (@aurexcards); the current version is v1.0.2.
More Skills