Safe agent-to-agent transaction verification. Validates payments and contracts before committing resources. Free version — core functionality included. Pro v...
# b2a-commerce **Business-to-Agent Commerce Skill for OpenClaw** Version 1.0.1 | By Edvisage Global — The Agent Safety Company License: MIT | Free to use, modify, and distribute --- ## What this skill does b2a-commerce gives your OpenClaw agent the knowledge and protocols to participate in the emerging agent economy — paying for services, receiving payments, and transacting safely with other agents and services using x402, the open internet-native payment protocol. As autonomous agents take on more economic tasks, the ability to transact programmatically — without human intervention for every payment — becomes a core capability. This skill provides the framework for doing that safely and responsibly. This is the free version and includes core functionality. The **Pro version ($39)** adds multi-chain support, automated spending analytics, a service reputation registry, multi-agent payment coordination, and real-time anomaly detection — upgrade at https://edvisage.gumroad.com/l/ijjjud --- ## Part 1: Understanding x402 ### What x402 is x402 is an open payment protocol developed by Coinbase and co-governed by the x402 Foundation (Coinbase + Cloudflare). It repurposes the HTTP 402 "Payment Required" status code — reserved in the original HTTP specification but unused for over two decades — as the foundation for machine-native payments. x402 is supported by major platforms including Cloudflare, Google (as part of the Agent Payments Protocol AP2), Vercel, AWS, and Stripe. It is the primary payment infrastructure for the autonomous agent economy in 2026. ### How x402 works The payment flow has five steps: **Step 1 — Request** Your agent requests a resource from an x402-protected service. **Step 2 — 402 Response** The server responds with HTTP 402 Payment Required. The response body contains machine-readable payment instructions: - Payment amount (in USDC) - Recipient wallet address - Supported blockchain networks (typically Base or Solana) - Payment deadline **Step 3 — Payment authorisation** Your agent signs a USDC micropayment authorisation using its wallet. No accounts, API keys, or subscriptions required. The payment receipt is the credential. **Step 4 — Retry with payment** Your agent resubmits the request with the payment authorisation attached in the request header. **Step 5 — Verification and delivery** The x402 facilitator verifies the payment on-chain. The server delivers the resource. ### What x402 enables - Pay-per-use API access without subscriptions or API keys - Agent-to-agent transactions without human authorisation per transaction - Instant settlement — payments verified on-chain in real time - Full audit trail — every transaction recorded on-chain by design - No vendor lock-in — open standard built on HTTP --- ## Part 2: Pre-transaction safety protocol Before your agent makes any payment, run this four-step check. ### Check 1 — Verify the service Before paying, your agent must verify: - The service domain matches what was expected - The payment amount is within your configured spending limit - The payment currency is USDC (not an unknown token) - The recipient wallet address has not changed since last transaction If any check fails — stop. Do not pay. Flag for human review. ### Check 2 — Confirm scope Your agent must confirm the payment is for the specific resource requested — not a broader authorisation. x402 payments are per-resource. Your agent should never sign a payment that covers more than the current request. ### Check 3 — Check spending limits Your agent must verify the transaction amount is within its configured daily and per-transaction spending limits before proceeding. ### Check 4 — Human authorisation threshold For transactions above your configured human authorisation threshold, your agent must pause and request explicit human approval before proceeding. Default threshold: $1.00 USD equivalent. --- ## Part 3: Spending limit configuration Configure these limits before enabling autonomous payments: ``` DAILY_SPEND_LIMIT: 5.00 # Maximum USDC per day PER_TRANSACTION_LIMIT: 0.50 # Maximum USDC per transaction HUMAN_AUTH_THRESHOLD: 1.00 # Require human approval above this APPROVED_SERVICES: [] # Whitelist of approved service domains APPROVED_CURRENCIES: [USDC] # Only USDC by default APPROVED_NETWORKS: [base, solana] # Approved blockchain networks ``` Your agent must refuse any transaction that would exceed these limits, and must flag when daily limits are approaching (at 80% of daily limit). --- ## Part 4: Wallet safety ### Never expose private keys Your agent's wallet private key must never appear in: - Log files - Chat messages - API responses - Memory summaries - Any output visible to other agents ### Wallet isolation Your payment wallet should be separate from any wallet holding significant funds. Fund it with only what is needed for near-term operations. ### Receiving payments Before accepting a payment, verify: - The payment is in an approved currency (USDC by default) - The payment amount matches what was agreed - The payment comes from a verified sender if sender verification is enabled --- ## Part 5: Transaction logging Your agent must log every transaction with: - Timestamp - Service name and domain - Resource requested - Amount paid - Transaction hash (for on-chain verification) - Outcome (success / failure / flagged) Send a weekly transaction summary to your human owner. --- ## Part 6: Recognising payment-based attacks **Bait-and-switch pricing** — verify payment amount before signing matches original quote. **Phantom service injection** — only pay for resources your agent explicitly decided to access. **Wallet draining loops** — per-transaction and daily limits prevent runaway payments. **Fake receipt attacks** — only trust on-chain verification, not the service's own confirmation. --- ## Part 7: Interoperability **Stripe MPP** — Session-based streaming payments. Better for teams with no crypto experience. **Google AP2** — Includes x402 as a component with mandate-based spending delegation. **L402** — Bitcoin Lightning Network payments. More established in Bitcoin-native infrastructure. --- ## Installation ``` clawhub install b2a-commerce ``` --- ## About Edvisage Global Edvisage Global — The agent safety company edvisageglobal.com/ai-tools
don't have the plugin yet? install it then click "run inline in claude" again.