payram-no-kyc-crypto-payments
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Pipe-to-shell or eval pattern detected

The skill/documentation describes a plausible self-hosted, no-KYC crypto payment gateway and the API examples align with that purpose. However, the installation instructions include a high-risk 'curl | bash' pipe-to-shell pattern executed as root (ssh root@... + curl | bash), and there's no evidence of cryptographic verification or pinned releases. This is a significant supply-chain risk: an attacker who controls or compromises get.payram.com (or its upstream hosting) could execute arbitrary code on operator servers, exfiltrate secrets, or install backdoors. There are also policy/abuse concerns because the product explicitly avoids KYC and aims for censorship-resistance.

I classify this as SUSPICIOUS: not definitively malicious based on the provided text, but the installation/execution pattern plus the anonymous use case makes it a medium-high security risk. Operators should treat the installer as untrusted until its contents are inspected and verified; prefer manual installation, signed releases, and least-privilege installs instead of running as root.

LLM verification: This document describes a legitimate-seeming self-hosted, no-KYC crypto payment gateway and includes fitting integration examples. However, it contains a high-risk supply-chain pattern: an unpinned curl | bash installer (https://get.payram.com | bash) and an instruction to SSH as root, which together create a large attack surface for code-execution and credential compromise at install time. The 'no-KYC' design increases abuse potential but is a business choice rather than direct malware. Because t