payram-no-kyc-crypto-payments
Fail
Audited by Snyk on Feb 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The links point to GitHub and a project domain that could be legitimate, but the skill explicitly instructs piping a remote script (curl https://get.payram.com | bash). This is a high-risk pattern because it blindly executes remote code, and Telegram can be used to distribute binaries, so these sources should be treated as suspicious until audited.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains an explicit runtime command that fetches and executes a remote installer (curl -fsSL https://get.payram.com | bash), meaning https://get.payram.com is used at runtime to download and run remote code as a required deployment step.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway with SDK methods and integrations for moving funds. It includes an API example (payram.payments.initiatePayment), modules for payouts ("payram-payouts" — "Send crypto payouts"), chain-specific payments ("payram-stablecoin-payments", "payram-bitcoin-payments" with HD wallet derivation and mobile signing), and describes smart-contract sweeps and webhook/API key flows. These are concrete, payment-specific capabilities to initiate and manage crypto transactions (not generic browser or HTTP tooling), so it grants direct financial execution authority.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs deploying software via "ssh root@your-server-ip" and running a remote install script (curl ... | bash), which requires root/sudo and will modify system state (install services, config, keys) on the host—i.e., it pushes actions that compromise the machine's state.