概述

PayClaw — Badge + Spend for AI Agents

Agents are not bots. PayClaw proves it — then lets them pay.

Your AI agent looks like a bot to every merchant on the internet. PayClaw gives it two things:

Badge — Declares your agent as an authorized actor. A UCP-compatible credential that lets it through merchant defenses. Free. No card required.

Spend — Issues a single-use virtual Visa when your agent needs to pay. Human-approved. Self-destructs after use. Your real card never enters the chat.

> 🧪 Developer Sandbox is open. Real infrastructure, test money. Get sandbox access →

Setup

1. Add to your agent

{
  "mcpServers": {
    "payclaw": {
      "command": "npx",
      "args": ["-y", "@payclaw/mcp-server"],
      "env": {
        "PAYCLAW_API_URL": "https://api.payclaw.io"
      }
    }
  }
}

No API key required. On first use, your agent will show a code and a URL. Approve on your phone in one tap — your Consent Key is stored automatically.

Requires Node.js 20+. Node 18 is end-of-life. If you see engine errors: node -v — install from nodejs.org or nvm install 20.

2. Use it

Your agent calls payclaw_getAgentIdentity before acting at any merchant. That's it.

UCP Identity Linking

PayClaw is a UCP (Universal Commerce Protocol) Credential Provider. Merchants who declare the PayClaw identity extension (io.payclaw.common.identity) signal to every UCP-compliant agent that declared agents are preferred at their store.

For Merchants — how to add PayClaw to your UCP manifest
Protocol spec — io.payclaw.common.identity (MIT)

Tools

Tool	What It Does
------	-------------
`payclaw_getAgentIdentity`	Declare yourself as an authorized actor before acting at any merchant. Without this, UCP-compliant merchants may prefer or require a declared agent. Returns a trip-level UCP-compatible credential. Agents are not bots. PayClaw proves it.
`payclaw_getCard`	Declare purchase intent → get single-use virtual Visa (Spend)
`payclaw_reportPurchase`	Report transaction outcome → close the audit trail

How Authorization Scales

Action	What Happens
--------	-------------
Browse	Badge declaration — UCP identity token issued
Search	Badge declaration — UCP identity token issued
Checkout	Badge + Spend — human approval → single-use Visa issued

Example

You: "Buy me a cold brew from Starbucks"

Agent: Let me declare myself first...
       [calls payclaw_getAgentIdentity({ merchant: "starbucks.com" })]
       
       ✓ DECLARED — authorized actor at starbucks.com
       
       Found a cold brew for $5.95. Getting a card...
       [calls payclaw_getCard: merchant=Starbucks, amount=$5.95]
       
       ✅ Virtual Visa issued. Completing purchase...
       [calls payclaw_reportPurchase: success ✅]
       
       Done! Cold brew ordered. Card self-destructed.

Security

Zero standing access — no card exists until your agent requests one
Single-use cards — merchant-locked, amount-capped, 15-minute expiry
Human approval — every purchase requires your explicit OK
Intent audit — every purchase compared against declared intent
$500 cap — hard ceiling on account balance
Your real card never enters the chat

Badge Only?

If you only need identity (no payment): clawhub install payclaw-badge

Links

版本历史

共 2 个版本

v0.7.1 当前

2026-03-29 13:24 安全安全
v1.2.0

2026-03-07 01:56

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)