Ensures any purchase, booking, or financial commitment is verified for item, price, terms, authorization, payment privacy, and reversibility before proceeding.
# AANA Purchase Booking Guardrail Skill Use this skill when an OpenClaw-style agent may purchase, book, reserve, subscribe, renew, upgrade, downgrade, cancel, refund, bid, donate, transfer funds, or take any irreversible or financially binding action. This is an instruction-only skill. It does not install packages, run commands, write files, call services, persist memory, or execute a checker on its own. ## Core Principle Financial commitment actions should happen only after the agent verifies the exact item, vendor, price, fees, dates, cancellation terms, payment method, user authorization, and reversibility. The agent should separate: - browsing or comparing options, - drafting a plan or cart, - filling forms without submitting, - reversible holds or saved drafts, - actions that create charges, subscriptions, reservations, renewals, deposits, penalties, or legal/financial commitments, - payment or identity data that must be minimized or redacted. ## When To Use Use this skill before: - buying products, services, tickets, memberships, gift cards, domains, software, or subscriptions, - booking travel, hotels, rentals, appointments, restaurants, events, or services, - reserving inventory or placing deposits, - renewing, upgrading, downgrading, or cancelling subscriptions, - accepting fees, penalties, cancellation terms, auto-renewal terms, or non-refundable terms, - submitting payment, billing, shipping, identity, loyalty, or account information, - confirming a purchase order, invoice, donation, bid, transfer, or refund request. ## Financial Risk Classes Treat these as higher risk: - non-refundable purchases, deposits, cancellation penalties, auto-renewals, trials that convert to paid plans, - travel dates, event dates, hotel check-in/check-out, appointment times, time zones, party size, and identity details, - recurring subscriptions, annual contracts, seat counts, usage-based billing, overdraft risk, installment plans, and financing, - high-value items, limited inventory, resale tickets, third-party sellers, warranty terms, taxes, shipping, import duties, service fees, - payment methods, card details, bank details, billing address, account identifiers, loyalty numbers, and private purchase history, - purchases or bookings for someone else. ## AANA Commitment Gate 1. Identify the action: browse, compare, draft, hold, purchase, book, reserve, subscribe, renew, cancel, refund, bid, donate, or transfer. 2. Identify the commitment: one-time charge, recurring charge, deposit, cancellation penalty, reservation, contract, or irreversible submission. 3. Verify key facts: item/service, vendor, quantity, date/time, location, total cost, taxes, fees, currency, refundability, cancellation terms, and renewal terms. 4. Check authorization: confirm the user explicitly approved this exact action and cost. 5. Check payment privacy: do not expose full payment numbers, bank details, credentials, or unnecessary account data. 6. Check reversibility: prefer cart, quote, draft, hold, or review screen before final submission. 7. Check scope: do not add extras, warranties, insurance, upsells, tips, donations, seats, bags, or subscriptions without approval. 8. Choose action: accept, revise, ask, defer, refuse, or route to human review. ## Required Pre-Flight Checks Before a financially binding action, verify: - exact item, service, reservation, or subscription, - vendor or merchant, - recipient or traveler/customer identity when relevant, - date, time, location, time zone, and duration when relevant, - quantity, seat count, tier, plan, add-ons, and renewal behavior, - total price including taxes, fees, shipping, deposits, tips, and currency, - refund, cancellation, return, trial, and auto-renewal terms, - payment method to use without exposing full sensitive details, - whether the action is reversible after submission, - explicit user approval for the final action. ## Explicit Approval Rule Ask for explicit approval before final submission when an action may charge money, create a recurring commitment, reserve scarce inventory, expose payment details, or become hard to undo. Approval should include the exact commitment: ```text Please confirm: book 1 refundable hotel room at the listed property for May 8-10, total $412.30 including taxes and fees, using the card ending in 1234. ``` Do not treat broad intent as final approval. "Find me a hotel" is not approval to book. "This one looks good" is not approval to pay. "Renew it" still requires plan, price, term, renewal date, and payment method confirmation. ## Purchase And Booking Overclaim Rules Do not claim: - an item was purchased, - a booking was confirmed, - a refund was issued, - a subscription was cancelled or renewed, - a price is guaranteed, - a reservation is refundable, - a fee will not apply, - a vendor will honor an exception, - inventory will remain available, unless the agent has verified evidence from an approved system or the user-provided confirmation. ## Private Payment Data Rules Minimize or remove: - full card numbers, bank numbers, security codes, auth codes, passwords, - billing address, shipping address, loyalty numbers, account IDs, - purchase history, invoices, receipts, reservation codes, confirmation numbers, - identity documents, passport numbers, date of birth, travel companions, and private messages. Prefer: - "card ending in 1234" instead of full card number, - "saved payment method" instead of raw payment details, - "confirmation code redacted" instead of the full code, - "billing address on file" instead of repeating the address. ## Safer Alternatives Prefer: - compare options before choosing, - prepare a cart without checking out, - hold or reserve only when the terms are clear, - ask the user to complete payment directly, - use a review screen before final confirmation, - save a draft rather than submit, - defer high-value, ambiguous, or third-party purchases to human review. ## Review Payload When using a configured AANA checker, send only a minimal redacted review payload: - `task_summary` - `action_type` - `commitment_type` - `amount_summary` - `terms_status` - `authorization_status` - `payment_privacy_status` - `reversibility_status` - `recommended_action` Do not include full payment details, bank details, credentials, identity documents, raw receipts, full reservation codes, private messages, or unrelated account records when a redacted summary is enough. ## Decision Rule - If the action is non-binding browsing, comparing, or drafting, accept with ordinary care. - If final commitment facts are incomplete, ask. - If the draft includes unapproved add-ons, recurring terms, fees, or payment details, revise. - If the action is high-value, non-refundable, legally binding, or for someone else, defer or require explicit approval. - If the request would expose payment secrets, bypass consent, misrepresent terms, or spend money without approval, refuse and explain briefly. - If a checker is unavailable or untrusted, use manual purchase and booking review. ## Output Pattern For purchase-sensitive actions, prefer: ```text Purchase/booking review: - Action: ... - Total cost: ... - Terms: refundable / non-refundable / recurring / unclear - Payment privacy: ... - Reversibility: ... - Approval: confirmed / needed / unclear - Decision: accept / revise / ask / defer / refuse ``` Do not include this review block in the user-facing flow unless useful or required before final action.
don't have the plugin yet? install it then click "run inline in claude" again.
restructured the original instruction-only skill into implexa's six-component format, added explicit decision points with if-else branches, documented aana checker as optional external input with fallback, added edge cases (rate limits, auth failures, network timeouts, empty results), expanded procedure to 11 numbered steps with clear inputs and outputs per step, and created structured output contract with redaction rules.
use this skill whenever an agent considers any purchase, booking, reservation, subscription change, refund, bid, donation, or financial commitment that could charge money, lock in recurring fees, reserve scarce inventory, or become hard to undo. the skill separates safe browsing and drafting from irreversible financial actions, ensuring exact item, vendor, price, terms, user authorization, payment privacy, and reversibility are verified before proceeding. deploy it as a guardrail checkpoint before the agent claims a booking is confirmed, a purchase is complete, or money has moved.
AANA_CHECKER_URL, requires http or https transport, may have rate limits of 100 req/min; include oauth token if service requires Authorization: Bearer <token>). if unavailable, fall back to manual review.identify the action type: classify the proposed action as browse, compare, draft, hold, purchase, book, reserve, subscribe, renew, downgrade, cancel, refund, bid, donate, or transfer. output the label and confirm it matches the user's stated intent.
identify the commitment type: determine whether the action creates a one-time charge, recurring charge, deposit, cancellation penalty, reservation lock, legal contract, or irreversible submission. flag any auto-renewal, trial-to-paid conversion, or non-refundable term.
collect and verify key facts: confirm exact item/service name, vendor, quantity, date/time/location/timezone (if applicable), total cost including taxes, fees, shipping, tips, and currency. cross-check against any prior quote or cart to detect injected fees or upsells. output a summary block with all facts.
verify authorization: ask the user for explicit written approval of the exact action, cost, and payment method (e.g., "confirm: book 1 refundable room for may 8-10, total $412.30 including taxes, using card ending 1234"). do not accept vague intent ("find me a hotel", "this looks good", "renew it") as final approval. output whether approval is confirmed, pending, or missing.
check payment privacy: scan for and redact full card numbers, bank account numbers, security codes, passwords, billing/shipping addresses, loyalty numbers, account identifiers, passport numbers, dates of birth, or private messages. replace with labels (e.g., "card ending 1234", "saved payment method", "confirmation code redacted"). output a privacy status (safe, redacted, or exposed with specifics).
check reversibility: confirm whether the action can be undone after submission (e.g., refundable booking vs. non-refundable deposit). if non-reversible or hard to undo, flag as higher risk. prefer offering cart, quote, draft, hold, or review screen before final submission. output reversibility status (reversible, conditional, non-reversible, or unclear).
check scope creep: compare the final action against the user's stated approval. flag any added warranties, insurance, upsells, tips, donations, extra seats, bags, or recurring add-ons not explicitly approved. if detected, revise or ask for approval.
apply risk classification: score the action as low-risk (non-binding browsing), medium-risk (reversible booking with clear terms), or high-risk (non-refundable, recurring, high-value, for someone else, legally binding, or identity-sensitive). output the risk level.
decide action: choose accept, revise, ask, defer, or refuse based on risk level, approval state, privacy exposure, and reversibility. output the decision and brief rationale.
send to checker (if configured): if an aana checker service is available and the action is medium or high risk, send a minimal redacted payload (see output contract). parse the response and use it to confirm or override step 9. log any checker timeouts, auth failures, or rate limit errors and fall back to manual review.
return outcome signal: output the final decision, action status, and any next steps for the user or agent.
if the action is non-binding browsing, comparing, or drafting: accept with ordinary care. do not require explicit approval or payment verification.
if final commitment facts are incomplete or unclear (e.g., price not shown, cancellation terms missing, renewal date unknown): ask the user to clarify before proceeding. do not guess or assume.
if the draft includes unapproved add-ons, recurring terms, hidden fees, or payment details not previously discussed: revise the draft and re-request approval, or ask the user to confirm each added item separately.
if the action is high-value (>$500 or agent's context-specific threshold), non-refundable, legally binding, involves recurring commitments, reserves scarce inventory, exposes payment secrets, targets someone else, or bypasses consent: require explicit user approval or defer to human review. do not proceed unilaterally.
if the request would expose full payment card numbers, bank details, security codes, passwords, billing addresses, identity documents, or private messages: refuse the action and explain that payment details must be minimized or redacted. offer to proceed with redacted labels instead.
if the user's verbal approval does not match the exact final action (e.g., user says "book a room", agent attempts to book room plus travel insurance without permission): revise the draft and re-request approval for the full bundle.
if an aana checker is configured and available: send a review payload and honor its recommendation. if the checker is unavailable, timed out (>10 sec), returns auth error, or hits rate limits (status 429), fall back to manual review using the decision rules above.
if an aana checker is not configured or is marked untrusted: use manual review. apply the decision rules directly and document the reason for the choice.
if payment method is missing or invalid (e.g., saved card expired, bank account flagged, payment provider down): ask the user to provide or update payment details before proceeding. do not attempt to retry or auto-select a fallback.
if the confirmation or receipt cannot be retrieved from the vendor or payment system (e.g., network timeout, 5xx error, auth revoked): do not claim the booking is confirmed, the purchase is complete, or the refund is issued. defer to human review or ask the user to verify directly with the vendor.
return a structured review block (internal or user-facing, depending on context) with these fields:
purchase/booking review:
- action: [browse | compare | draft | hold | purchase | book | reserve | subscribe | renew | downgrade | cancel | refund | bid | donate | transfer]
- item/service: [exact name or description]
- vendor: [merchant or provider name]
- quantity: [number or seat count]
- date/time/location: [if applicable; include timezone]
- total cost: [amount + currency, including taxes, fees, shipping]
- refund/cancellation terms: [refundable | non-refundable | conditional | auto-renewal | trial-to-paid | unclear]
- payment method: [label only, e.g., "card ending 1234" or "saved payment method", no full details]
- reversibility: [reversible | conditional | non-reversible | unclear]
- risk level: [low | medium | high]
- authorization status: [confirmed | pending | missing | unclear]
- payment privacy status: [safe | redacted | exposed (list specifics)]
- scope: [matches approval | add-ons detected (list) | unclear]
- decision: [accept | revise | ask | defer | refuse]
- rationale: [brief explanation of the decision]
- next step: [proceed with action | revise and re-request approval | ask user for clarification | defer to human review | explain refusal]
do not include full card numbers, bank account numbers, security codes, passwords, billing addresses, shipping addresses, loyalty numbers, account identifiers, reservation codes, confirmation codes, identity documents, passport numbers, dates of birth, or private messages in any user-facing output. if a redacted payload is sent to an aana checker, omit these fields entirely.
the skill succeeds when:
do not claim a purchase is confirmed, a booking is locked, a refund is issued, or a subscription is cancelled unless the action has been executed and verified by the vendor or payment system. output the review block and stop at the decision point until the user confirms or the agent receives explicit evidence of completion.