Skills
skills/payram/payram-helper-mcp-server/payram-headless-setup/Gen Agent Trust Hub

payram-headless-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (HIGH): The automated scan detected a command that downloads a script from https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh and executes it via bash. This allows an untrusted third party to run arbitrary code with the agent's privileges.
  • External Downloads (MEDIUM): The skill performs network operations to fetch executable content from a non-whitelisted domain (PayRam), which is not recognized as a trusted source.
  • Command Execution (HIGH): The execution of downloaded scripts using bash bypasses local inspection and static analysis, posing a significant security risk to the environment.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 10:44 AM