Use case
For non-MPP merchant checkouts, an agent may need to retrieve a one-time virtual card and fill a web checkout form.
The README shows:
link-cli spend-request retrieve lsrq_001 --include=card --format json
That makes sense mechanically, but it is risky in agent environments because stdout/tool output is often logged, persisted, or displayed in transcripts.
Problem
If --include card prints full card number/CVC to stdout, an agent integration can accidentally leak one-time payment credentials into:
- chat transcripts
- tool logs
- observability systems
- debugging output
- session history
Even though the card is one-time/short-lived, leaking payment credentials into logs is still something we’d want to avoid by default.
Suggested improvement
Add a safe credential handoff mode, e.g.
link-cli spend-request retrieve lsrq_x \
  --include card \
  --output-file /tmp/link-card.json \
  --redact-stdout \
  --format json
Expected stdout:
{
  "id": "lsrq_x",
  "status": "approved",
  "card": {
    "brand": "visa",
    "last4": "4242",
    "redacted": true
  },
  "card_output_file": "/tmp/link-card.json"
}
The file would contain the full credential for local automation, while stdout remains safe.
Useful safety details:
- create file with 0600 permissions
- refuse to overwrite unless --force
- optionally support --ttl-seconds cleanup guidance
- maybe warn if output path is world-readable
Why this matters
This would let agents fill checkout forms without ever printing raw card data into their normal communication/logging channel.
For OpenClaw specifically, Ada could retrieve the card into a local temp file, use browser automation to fill the checkout, and only tell me something like:
Approved virtual Visa ****1234, valid until 7:42pm. Filling checkout now.
That feels like the right security boundary for agentic purchases.
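A sketch of the handoff proposed above, added here as an example and not taken from link-cli: the full card goes to a file created atomically with mode 0600, an existing file is refused unless force is set, and only a redacted view is returned for stdout. The names handoff_card and SAMPLE, and the card fields number, cvc, exp_month and exp_year, are assumptions; the sample response is constructed.

```python
import json
import os
import tempfile

# Constructed sample response; "number", "cvc" and the expiry fields are assumed names.
SAMPLE = {
    "id": "lsrq_x",
    "status": "approved",
    "card": {"brand": "visa", "number": "4242424242424242", "cvc": "123",
             "exp_month": 12, "exp_year": 2030},
}


def handoff_card(spend_request, output_file, force=False):
    """Write the full card to output_file (mode 0600); return the redacted stdout view."""
    card = spend_request["card"]
    if force:
        # --force: drop the old file so the credential always lands in a fresh inode.
        try:
            os.unlink(output_file)
        except FileNotFoundError:
            pass
    # O_EXCL makes "refuse to overwrite" atomic and also refuses a pre-planted symlink.
    fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # exact mode, whatever the umask is
        json.dump(card, fh)
    # Build stdout from an allow-list so a new sensitive field is never echoed by default.
    return {
        "id": spend_request["id"],
        "status": spend_request["status"],
        "card": {"brand": card["brand"], "last4": card["number"][-4:], "redacted": True},
        "card_output_file": output_file,
    }


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "link-card.json")  # private 0700 directory
    print(json.dumps(handoff_card(SAMPLE, path), indent=2))
    try:
        handoff_card(SAMPLE, path)  # second call without force
    except FileExistsError:
        print("refused to overwrite", path)
    os.unlink(path)  # caller removes the credential once the checkout is filled
```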