OpenClaw Skill

The Conto skill for OpenClaw adds fine-grained spending policies to any AI agent. It checks every payment against 20+ policy rule types before money leaves the wallet.

How It Works

Agent wants to pay 50 pathUSD to 0xabc...
    |
    v
Skill calls POST /api/sdk/payments/approve
    |
    v
Conto evaluates all policy rules
    |
    +---> APPROVED: agent proceeds with payment
    +---> DENIED: agent stops, reports violations
    +---> REQUIRES_APPROVAL: agent pauses for human sign-off

Conto supports two wallet modes:
  • Conto-managed (PRIVY/SPONGE) — Conto holds the keys. One API call handles policy check + execution.
  • External — Agent holds the keys. Agent calls approve, transfers itself, then confirms.
Both modes evaluate the same 20+ policy rule types.
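
The three outcomes in the flow above only protect the wallet if the agent treats every other result as a stop. The following is an added example (not Conto's or OpenClaw's own code) of a fail-closed decision handler. Only the endpoint path and the three outcome names come from this page; the Bearer header, the request body, and the `status`/`violations` response fields are assumptions.

```javascript
// Added example: fail-closed handling of the policy decision.
// From this page: the endpoint path and the three outcome names.
// Assumed (not documented here): Bearer auth, request body fields,
// and a JSON response shaped like { status, violations }.
const APPROVE_PATH = "/api/sdk/payments/approve";

// Pure mapping from an HTTP result to what the agent may do next.
// Anything that is not an explicit APPROVED ends without a payment.
function decide(httpStatus, body) {
  if (httpStatus < 200 || httpStatus > 299) {
    return { action: "stop", reason: `policy service returned HTTP ${httpStatus}` };
  }
  const status = body && typeof body === "object" ? body.status : undefined;
  switch (status) {
    case "APPROVED":
      return { action: "pay" };
    case "REQUIRES_APPROVAL":
      return { action: "wait_for_human" };
    case "DENIED":
      return {
        action: "stop",
        reason: "denied by policy",
        violations: Array.isArray(body.violations) ? body.violations : [],
      };
    default:
      // Missing, misspelled or differently cased status: never guess "approved".
      return { action: "stop", reason: "unrecognized policy response" };
  }
}

// Calls the approve endpoint; network or JSON errors also resolve to "stop".
async function checkPayment(payment, { apiUrl, sdkKey, fetchImpl = globalThis.fetch }) {
  try {
    const res = await fetchImpl(new URL(APPROVE_PATH, apiUrl), {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${sdkKey}` },
      body: JSON.stringify(payment),
    });
    return decide(res.status, res.ok ? await res.json() : null);
  } catch (err) {
    return { action: "stop", reason: `policy check failed: ${err.message}` };
  }
}
```

Only the `pay` action should reach the transfer step; `wait_for_human` and `stop` both end the current attempt.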

Install

Copy the skill into OpenClaw’s managed skills directory:
cp -r skills/conto-policy ~/.openclaw/skills/

Configure

1. Create an agent in Conto

Sign in to the Conto dashboard and create an agent. Register your OpenClaw wallet address as an EXTERNAL wallet on Tempo Testnet (chain 42431).

2. Generate an SDK key

Go to Agents > your agent > SDK Keys > Generate New Key.
  • Select Standard for payment approval only
  • Select Admin if you want the agent to create/manage policies

3. Add to OpenClaw config

Edit ~/.openclaw/openclaw.json:
{
  "skills": {
    "entries": {
      "conto": {
        "env": {
          "CONTO_SDK_KEY": "conto_agent_your_key_here",
          "CONTO_API_URL": "https://conto.finance"
        }
      }
    }
  }
}

Usage

Telegram / Discord / WhatsApp

/conto list my policies
/conto create a $200 per-transaction limit
Send 50 pathUSD to 0x742d... on Tempo

CLI

openclaw agent --agent main -m "/conto list my policies"
openclaw agent --agent main -m "Send 50 pathUSD to 0x742d... on Tempo"

Standard vs Admin SDK Keys

| Capability | Standard | Admin |
| --- | --- | --- |
| Check payment policies | Yes | Yes |
| Confirm payments | Yes | Yes |
| Pre-authorize x402 calls | Yes | Yes |
| Read policies and transactions | Yes | Yes |
| Create/update/delete policies | No | Yes |
| Manage agents and wallets | No | Yes |

Create Policies from OpenClaw

With an admin SDK key, manage policies via natural language:
/conto create a policy that limits each transaction to 200 pathUSD
/conto create a policy that only allows API_PROVIDER and CLOUD categories
/conto block address 0xbad... from receiving payments
/conto create a policy that requires approval for payments over 500 pathUSD
/conto list my policies
/conto delete the blocklist policy

Test Policies

After creating policies, verify enforcement:
# Should approve (within limits)
/conto check if a 10 pathUSD payment to 0x742d... is allowed

# Should deny (over per-tx limit)
/conto check if a 500 pathUSD payment to 0x742d... is allowed

# Should deny (blocked address)
/conto check if a 1 pathUSD payment to 0xbad... is allowed

# Should deny (wrong category)
/conto check if a 10 pathUSD payment to 0x742d... for gambling is allowed

Supported Policy Types

| Type | What it controls |
| --- | --- |
| MAX_AMOUNT | Per-transaction cap |
| DAILY_LIMIT / WEEKLY_LIMIT / MONTHLY_LIMIT | Cumulative spend caps |
| ALLOWED_CATEGORIES / BLOCKED_CATEGORIES | Category whitelist/blocklist |
| ALLOWED_COUNTERPARTIES / BLOCKED_COUNTERPARTIES | Address whitelist/blocklist |
| TIME_WINDOW / DAY_OF_WEEK | Business hours, allowed days |
| BLACKOUT_PERIOD | Maintenance windows |
| VELOCITY_LIMIT | Transaction rate limiting |
| REQUIRE_APPROVAL_ABOVE | Human approval threshold |
| GEOGRAPHIC_RESTRICTION | Country/OFAC restrictions |
| CONTRACT_ALLOWLIST | DeFi contract restrictions |
| X402_PRICE_CEILING | Max per x402 API call |
| X402_ALLOWED_SERVICES / X402_BLOCKED_SERVICES | x402 service allowlist/blocklist |
| X402_MAX_PER_SERVICE | Per-service daily cap |

Verify in Dashboard

After running payments through the skill, check the Conto dashboard:
  • Transactions — confirmed payments with tx hashes and explorer links
  • Alerts — denied payment attempts with violation details
  • Agents — spend tracking (daily/weekly/monthly used)

Run the E2E Test

For automated testing against a local Conto instance:
# Terminal 1
npm run dev

# Terminal 2
npx tsx scripts/test-openclaw-skill.ts

This creates an isolated test agent with 4 policies, runs 10 tests verifying each policy type, and cleans up afterward.