Adding Spending Policies to Any OpenClaw Agent
The Conto skill for OpenClaw checks every payment against 40+ policy rules before money leaves the wallet. Here's how to set it up.
OpenClaw gives agents the ability to act. Conto gives organizations control over how those agents spend money. The Conto skill for OpenClaw connects both: it hooks into the payment flow and evaluates every transaction against 40+ policy rule types before a dollar moves onchain.
The Problem With Uncontrolled Agent Wallets
When you give an OpenClaw agent a wallet, it can pay anyone, any amount, at any time. For personal projects and hackathons, this is fine. For anything with real stakes (a company deploying agents, a team managing budgets, a product handling user funds) it's a serious gap.
The common workaround is to limit the wallet balance. Give the agent $50 and let it spend freely. But that doesn't distinguish between a legitimate $50 vendor payment and a $50 payment to a malicious address. It doesn't enforce business hours. It doesn't require approval for high-value transactions. It's a balance cap, not a policy engine.
How the Conto Skill Works
The skill sits between the agent's intent to pay and the actual onchain transfer:
Agent decides to pay → Skill calls Conto → Policies evaluated → Pay or denyWhen the agent wants to send money, the skill calls Conto's payment request endpoint. Conto evaluates every policy assigned to the agent. If all rules pass, the payment proceeds. If any rule fails, the payment is blocked and the agent receives the specific violations.
The agent doesn't need to know about the policies. It tries to pay. The control layer handles the rest.
Setting It Up
Four steps:
- Connect your agent in Conto - create an agent record and assign policies
- Link your wallet - register your wallet address so Conto can track spend limits
- Generate an SDK key - Standard for payment-only, Admin if you want the agent to manage its own policies
- Add to OpenClaw config - set the SDK key and API URL in
openclaw.json
Once configured, the agent can interact with policies through natural language:
/conto create a policy that limits each transaction to 200 pathUSD
/conto list my policies
Send 50 pathUSD to 0x742d... on TempoThe last command triggers the full flow: the skill calls Conto, policies are evaluated, the agent transfers onchain, and the skill confirms the transaction back to Conto for tracking.
What You Can Control
The skill supports all of Conto's policy types:
- Spending limits - per-transaction, daily, weekly, monthly caps
- Counterparty controls - allowlists and blocklists for recipient addresses
- Time restrictions - business hours, allowed days, blackout windows
- Category controls - allow or block specific payment categories
- Approval thresholds - require human sign-off above a certain amount
- Velocity limits - rate-limit transaction frequency
- x402 and MPP controls - govern micropayment spending
Policies can be created through the Conto dashboard, the API, or through the OpenClaw agent itself (with an Admin SDK key). They're evaluated independently, and the first denial wins.
The External Wallet Flow
OpenClaw agents typically hold their own keys, so they use Conto's external wallet flow:
- Approve - skill calls Conto to check policies
- Transfer - agent sends the payment onchain using its own keys
- Confirm - skill reports the transaction hash back to Conto
Conto never needs access to the agent's private keys. It only provides the policy decision. The agent keeps full custody of its wallet while getting spending controls.
Dashboard Visibility
Every payment, approved or denied, shows up in the Conto dashboard. Confirmed transactions include explorer links and full audit trails. Denied attempts appear in the alerts view with the specific policy violations that blocked them.
For organizations running multiple OpenClaw agents, this is a single view of all agent financial activity: which agents are spending, how much, to whom, and whether any are hitting policy limits.
The full setup guide with an end-to-end example is in the docs: OpenClaw Skill. Install from ClawHub with npx clawhub install conto, or add the skill directly from the manifest at conto.finance/skill.md. For quick policy setup commands, check the Recipes page.
Related
- Zero to First Agent Payment in 5 Minutes - the general Conto setup walkthrough
- Five Layers of Security for Agents That Spend Money - design a complete policy strategy
- How to Test Agent Payments Without Losing Real Money - validate policies on Tempo Testnet
Running OpenClaw agents that handle money? Add spending controls with Conto or reach out at support@conto.finance.