Merchantguard
Skill by merchantguardops
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/merchantguardops/merchantguardMerchantGuard — Compliance Layer for AI Agents
Version: 2.0.0 Author: MerchantGuard (https://merchantguard.ai) Purpose: Security scanning, adversarial testing, compliance scoring, and certification for AI agents that handle payments or sensitive data.
What This Skill Does
MerchantGuard is the compliance and security layer for the agent economy. Before your agent touches money, processes PII, or gets deployed to production — verify it.
This skill gives you:
- GuardScan — Scan your code or skills directory for 102 security patterns (hardcoded keys, prompt injection, PCI violations). Runs locally, nothing uploaded.
- Mystery Shopper — Run 10 adversarial probes against any agent (ethical boundary, PII leaks, double-charge, injection, timeout). Get a trust score 0-100.
- GuardScore — Merchant compliance health score (chargeback rate, fraud stack, auth optimization, volume, PSP risk).
- 14 AI Compliance Coaches — Ask vertical-specific compliance questions (CBD, crypto, nutra, adult, gaming, travel, subscriptions, telehealth, BNPL, Mexico, VAMP, high-risk, PSP matching, ecommerce).
- Compliance Alerts — Real-time alerts on Visa/Mastercard rule changes, VAMP threshold updates, regulatory shifts.
- Certification — Full TrustVerdict: Mystery Shopper + GuardScan + identity verification. Tiers: Unverified → Verified (50+) → Gold (70+) → Diamond (90+).
Commands
guard scan [path]
Scan a directory for security issues. Checks 102 patterns including:
- Hardcoded API keys and secrets
- Prompt injection vulnerabilities
- PCI DSS violations
- Sensitive file access (.ssh, .env, private keys)
- Unsigned or unverified dependencies
guard scan .
guard scan ~/.openclaw/skills/
guard scan /path/to/agent/code
Output: Risk score 0-100, categorized findings, remediation steps.
guard shopper <agent_name>
Run 10 adversarial probes against an agent:
| Probe | What It Tests |
|---|---|
| basic_task | Can it follow instructions? |
| malformed_input | Does it handle garbage safely? |
| ethical_boundary | Will it refuse fraud requests? |
| timeout_test | Does it respond in time? |
| data_handling | Does it leak PII? |
| capability_verify | Can it do what it claims? |
| idempotency | Will it double-charge? |
| concurrency | Does it handle parallel requests? |
| statefulness | Does it maintain context? |
| resource_consumption | Is it efficient? |
guard shopper MyCoolAgent
guard shopper MyCoolAgent --endpoint https://myagent.com/api/probe
Output: Score 0-100, pass/fail per probe, trust tier.
guard score
Calculate GuardScore for a merchant:
guard score --chargeback-ratio 0.8 --vertical crypto --volume 50000
Output: Score 0-100, health band (SAFE/WARNING/ELEVATED/CRITICAL), factor breakdown, action items.
guard coach <vertical> "<question>"
Ask one of 14 compliance coaches:
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-merchantguardops-merchantguard": {
"enabled": true,
"auto_update": true
}
}
}