signet-guardian

What This Skill Does

Signet Guardian acts as the primary safety firewall for all payment-related activities within the OpenClaw AI ecosystem. It is designed to prevent unauthorized or excessive spending by implementing a robust, policy-driven verification layer that sits between your AI agents and their payment gateways. Before any financial transaction is initiated, the system performs a preflight check to ensure the request complies with your established financial guardrails. These include a global master switch for payments, strict transaction-level caps, and monthly expenditure limits. The skill operates on a 'default-deny' principle, ensuring that unless a policy is explicitly configured and validated, no funds can be moved. Beyond simple limits, it supports merchant-specific filtering through blocklists or allowlists, and it manages user consent by flagging transactions exceeding a defined amount as 'CONFIRM_REQUIRED'. By centralizing these controls, Signet Guardian provides a secure, consistent experience across different payment-capable agents, ensuring that your agent's autonomy never compromises your financial integrity.

Installation

To integrate this safety layer into your environment, use the OpenClaw hub CLI. Execute the following command in your terminal: clawhub install openclaw/skills/skills/rafalzacher1/signet-guardian

Once installed, ensure your policy configuration is defined. OpenClaw will look for a signet.policy within your main configuration or fallback to {baseDir}/references/policy.json. Populate this file with your desired limits, currency, and merchant restrictions to activate the guardian.

Use Cases

Signet Guardian is essential for anyone delegating financial tasks to AI. Typical use cases include: 1. Automated Subscription Management: Letting an agent renew services while keeping strict monthly budget ceilings. 2. Controlled Procurement: Allowing an agent to order supplies within a predefined per-transaction limit. 3. Financial Safety Nets: Providing a fail-safe mechanism that prevents agents from interacting with unauthorized merchant platforms. 4. Consolidated Auditing: Providing a singular, ledger-locked source of truth for all agent-led financial activity, simplifying monthly budget reconciliations.

Example Prompts

1. 'Can you check if my current subscription payment of 15 GBP to CloudServices fits within my existing Signet Guardian policy?'
2. 'Please pay for the software license extension, but only if the Signet Guardian preflight check returns an ALLOW status.'
3. 'Review my current monthly spending limit in the Signet policy and determine if I can afford an additional 50 USD purchase today.'

Tips & Limitations

• Concurrency Management: While preflight checks are advisory for fast-failing, the record process is the ultimate authority. Always use signet-record to ensure the monthly ledger is updated atomically via file locking.
• Currency Constraints: The skill does not perform currency conversion. Ensure your request currency perfectly matches your policy currency to avoid automatic DENY responses.
• Policy Maintenance: If your policy file is missing, the agent will default to a restrictive state. Always keep your policy.json updated to avoid disruption of service.
• Integration Requirement: This is middleware; it requires active participation from other payment-capable skills. If a skill does not call signet-preflight and signet-record, Signet Guardian cannot protect those transactions.