payram-no-kyc-crypto-payments

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly recommends executing a script from an untrusted source via curl -fsSL https://get.payram.com | bash. This is a classic 'piping to bash' vulnerability. Because get.payram.com is not a trusted source, the server can deliver malicious payloads to the user's terminal with the same permissions as the user (or root as suggested in the instructions).
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill promotes the download and installation of software from a non-whitelisted domain (payram.com). Without verification of the integrity of these downloads, there is no guarantee that the software matches the descriptions provided in the skill markdown.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.payram.com - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 21, 2026, 01:34 PM