Security profile for handling payment card data with PCI-DSS controls.
This is what your OpenClaw config looks like. Deploy it on Clawctl in 30 min.
# Clawctl Security Profile — PCI-DSS
# Good for: e-commerce, payment processing, fintech
{
  "security": {
    "level": "enterprise",
    "pci_dss": true,
    "egress": {
      "filter": true,
      "strict": true,
      "allowed_domains": ["api.stripe.com"]
    },
    "guardrails": {
      "blocked_patterns": ["full_card_number", "cvv"],
      "require_approval": ["process_payment", "issue_refund"]
    },
    "audit": { "retention_days": 365 }
  }
}

Card data handling restrictions
Strict network segmentation via egress filtering
Payment-aware guardrails
Transaction audit logging
Encrypted card data handling
Quarterly access review support
E-commerce businesses processing payments
Fintech companies with card data
Payment gateway integrations
Any business handling cardholder data
Enterprise-grade with SIEM export, RBAC, 365-day retention, and compliance evidence generation.
No. Guardrails block full card number exposure. The agent uses tokenized references via Stripe or your payment processor.
With approval workflows. Every refund requires human sign-off.
The security controls support PCI-DSS Level 1 requirements. Your overall compliance depends on your full infrastructure.
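One way to confirm that a deployed profile still matches the settings shown above is a drift check run in CI or before an access review. This is an added example, not Clawctl's own code: the function names, the baseline sets, and the drifted copy with `example.net` are constructed for illustration, and it assumes the profile is JSON with whole-line `#` comments as in the sample.

```python
import json

# Baseline values copied from the PCI-DSS profile shown on this page.
REVIEWED_DOMAINS = {"api.stripe.com"}
REQUIRED_BLOCKED = {"full_card_number", "cvv"}
REQUIRED_APPROVAL = {"process_payment", "issue_refund"}
MIN_RETENTION_DAYS = 365

def load_profile(text):
    """Parse a profile, skipping whole-line '#' comments as used in the sample."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    return json.loads("\n".join(lines))

def audit_profile(profile):
    """Return drift findings; an empty list means the profile matches the baseline."""
    sec = profile.get("security", {})
    egress, guard = sec.get("egress", {}), sec.get("guardrails", {})
    findings = []
    if sec.get("pci_dss") is not True:
        findings.append("pci_dss is not true")
    for key in ("filter", "strict"):
        if egress.get(key) is not True:
            findings.append(f"egress.{key} is not true")
    # Any egress destination outside the reviewed set needs a human look.
    for domain in sorted(set(egress.get("allowed_domains", [])) - REVIEWED_DOMAINS):
        findings.append(f"unreviewed egress domain: {domain}")
    for key, required in (("blocked_patterns", REQUIRED_BLOCKED),
                          ("require_approval", REQUIRED_APPROVAL)):
        for item in sorted(required - set(guard.get(key, []))):
            findings.append(f"guardrails.{key} missing: {item}")
    days = sec.get("audit", {}).get("retention_days", 0)
    if days < MIN_RETENTION_DAYS:
        findings.append(f"audit.retention_days {days} < {MIN_RETENTION_DAYS}")
    return findings

# The profile from this page, then a constructed drifted copy for comparison.
PAGE_PROFILE = """# PCI-DSS profile (comment line, as in the sample)
{"security": {"level": "enterprise", "pci_dss": true,
  "egress": {"filter": true, "strict": true, "allowed_domains": ["api.stripe.com"]},
  "guardrails": {"blocked_patterns": ["full_card_number", "cvv"],
                 "require_approval": ["process_payment", "issue_refund"]},
  "audit": {"retention_days": 365}}}"""
DRIFTED = json.loads(PAGE_PROFILE.split("\n", 1)[1])
DRIFTED["security"]["egress"].update(strict=False,
                                     allowed_domains=["api.stripe.com", "example.net"])
DRIFTED["security"]["guardrails"]["blocked_patterns"] = ["cvv"]
DRIFTED["security"]["audit"]["retention_days"] = 90

if __name__ == "__main__":
    print(audit_profile(load_profile(PAGE_PROFILE)))  # []
    for finding in audit_profile(DRIFTED):
        print("DRIFT:", finding)
```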
30 min to deploy. $49/month. Full security included. No DevOps required.
Minimal Security Profile
Basic security for development and testing. Relaxed restrictions, full tool access, minimal approval gates.
Standard Security Profile
Production-ready security with approval gates, egress filtering, and audit logging. The Clawctl default.
Enterprise SOC 2 Profile
Enterprise security with SIEM export, 365-day retention, RBAC, and SOC 2 compliance evidence.