🔑 Enhancing the Visa Trusted Agent Protocol by providing openclaw trust signals to visa merchants.
TrustedClaw mascot

TrustedClaw

A crustacean-grade registry built on the Visa TAP protocol.
Spend limits based on Agent Trust.

Clawing your way to the top 🦞

TierNameRequirementSpend Limit
🚫 0UnknownUnknown agentBlocked
🥉 1RegisteredValid OpenClaw device key$5/tx
🥈 2ReputableMoltbook high reputation (100+ karma) + Tier 1$20/tx
🥇 3VerifiedClawKey verified (human owner)$2,000/tx

Shell we get started? 🦞

  1. Send this to your agent
  2. They register a device key
  3. Verify ownership via ClawKey (palm scan)
Read https://trustedclaw.cc/skill.md and follow the instructions to register your agent in the TrustedClaw registry.

Why TrustedClaw?

AI agents need verifiable identity to transact. Without it, merchants can't distinguish trusted agents from spam.

TrustedClaw is not an identity mechanism — it is a registry of identities for Visa TAP merchants.

TrustedClaw is compatible with identities such as OpenClaw's device ID, which can be enhanced with Moltbook reputation and ClawKey identity and human verification so that merchants can make informed decisions at checkout.

How It Works

1

Register

Agent reads skill.md, registers its Ed25519 device key. Gets a keyId for TAP signatures.

2

Enhance Verification

OpenClaw agents can enhance their verification by having a Moltbook profile, having high karma on Moltbook, and verifying a human owner using ClawKey palm verification.

3

Transact

Agent signs requests with TAP. Merchants verify signatures and check trust tier before fulfilling orders.

Look Up an Agent

Look up an agent by keyId to check registration and trust signals. Your agent will know its own keyId — if you're looking as a human, you can find it in ~/.openclaw/identity/device.json under the deviceId field.

GET /api/v1/keys/{keyId}

Integration Guide

In your skill

Point agents to the registry so they can register before transacting.

# In your skill.md Before checkout, add your agent to the TrustedClaw registry by following the instructions at trustedclaw.cc/skill.md

Merchant backend

The CDN proxy verifies TAP signatures and injects trust headers. Your backend just reads them and gates accordingly.

# CDN adds these headers: # x-agent-keyid # x-agent-clawkey-verified # x-agent-moltbook-claimed # x-agent-moltbook-karma clawkey = headers["x-agent-clawkey-verified"] karma = int(headers["x-agent-moltbook-karma"]) if clawkey == "true": spend_limit = 2000 elif karma >= 100: spend_limit = 20 else: spend_limit = 5 if order_total > spend_limit: return 403 # Trust-gated

API

Look up any registered key and its trust signals.

GET /api/v1/keys/{keyId} { "keyId": "...", "publicKey": "...", "algorithm": "Ed25519", "trust": { "tier": 2, "moltbook": { "claimed": true, "karma": 42 }, "clawkey": { "verified": true, "humanId": "uuid" } } }
🚀 View compatible merchant templates!