payram-self-hosted-payment-gateway

Fail

Audited by Snyk on Feb 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The links point to GitHub and a project site, which are generally lower-risk hosts, but the package author is an unfamiliar third party, and the skill explicitly instructs running a remote one-line installer (curl | bash) and handling private keys and seed phrases. Those actions can easily distribute malware or enable fund theft unless the code and domains are independently audited, so these URLs should be treated as high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway and includes concrete, actionable financial operations: deploying proprietary smart contracts on EVM/TRON, configuring hot wallets with private keys, cold wallet sweeps, funding hot wallets for gas, API key generation for the gateway, checkout/webhook integrations, and an explicit "payram-payouts" capability to send crypto payouts. Those elements (wallet/key management, contract deployment, signing/sweeps, and payout APIs) are direct crypto/financial execution mechanisms rather than generic tooling.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs SSH-ing in as root and running a one-line installer (curl | bash) and other steps that install system services (Docker, PostgreSQL), run certbot, modify firewall/SSH settings and service configuration—actions that require sudo/root and change machine state.
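All of the findings above are triggered by patterns in the skill's instruction text rather than by running anything. The following Python script is an added example, not Snyk's scanner and not code from the PayRam project: it scans a constructed excerpt of skill instructions for the same classes of pattern the report flags (a remote installer piped into a shell, private key or seed phrase handling, SSH as root, system service and firewall changes, external URLs, and direct money-movement operations) and rolls them up into an overall risk level. The rule names, severities, regexes and sample text are the example's own assumptions and do not correspond to Snyk's E/W rule ids or scoring.

```python
import re
from dataclasses import dataclass

# Constructed excerpt written for this example in the style the audit describes.
# It is not the audited skill's real text; the host and IP are documentation values.
SAMPLE_SKILL = """\
# Install
1. SSH into the server: ssh root@203.0.113.10
2. Run the installer: curl -fsSL https://example.invalid/install.sh | bash
3. Open the firewall: ufw allow 443/tcp && systemctl restart sshd
4. Request a certificate: certbot --nginx -d pay.example.invalid
# Wallet setup
Paste your hot wallet PRIVATE_KEY into .env and keep the seed phrase for cold sweeps.
Use payram-payouts to send crypto payouts after deploying the smart contract on TRON.
"""


@dataclass(frozen=True)
class Finding:
    rule: str        # local rule name (assumption; not a Snyk rule id)
    severity: str
    line_no: int     # 1-based line in the skill text
    evidence: str    # the matched substring


# Each rule: (name, severity, compiled regex). Severities are this example's own.
RULES = [
    # "curl ... | bash", "wget ... | sudo sh", etc.: remote code executed unseen.
    ("remote_piped_installer", "CRITICAL",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b", re.I)),
    # Instructions that touch key material an agent could leak or misuse.
    ("secret_material_handling", "HIGH",
     re.compile(r"\b(private[_ ]?key|seed[_ ]phrase|mnemonic)\b", re.I)),
    # Interactive root access to a host.
    ("root_ssh", "MEDIUM",
     re.compile(r"\bssh\s+(-\S+\s+)*root@", re.I)),
    # Service, firewall, certificate or package changes needing root.
    ("system_service_change", "MEDIUM",
     re.compile(r"\b(systemctl|ufw|iptables|certbot|sshd_config|apt(-get)?\s+install)\b", re.I)),
    # Any external URL is an unverifiable runtime dependency until reviewed.
    ("external_url", "MEDIUM",
     re.compile(r"https?://\S+", re.I)),
    # Direct money movement: payouts, wallets, sweeps, contract deployment.
    ("direct_money_access", "MEDIUM",
     re.compile(r"\b(payouts?|hot wallet|cold wallet|sweep|smart contract)\b", re.I)),
]

SEVERITY_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


def scan_skill(text):
    """Return one Finding per (line, rule) pair that matches; first match per rule per line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, severity, pattern in RULES:
            m = pattern.search(line)
            if m:
                findings.append(Finding(rule, severity, line_no, m.group(0)))
    return findings


def overall_risk(findings):
    """Highest severity among findings, or PASS when there are none."""
    if not findings:
        return "PASS"
    return max((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__)


def rules_hit(findings):
    """Sorted, de-duplicated rule names that fired."""
    return sorted({f.rule for f in findings})


if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL)
    for f in results:
        print(f"{f.severity:8} {f.rule:26} line {f.line_no}: {f.evidence}")
    print("Overall:", overall_risk(results))
```

A detector like this is a triage aid, not a verdict: it tells a reviewer which lines to read. The remediation for the CRITICAL pattern is procedural, not a regex: fetch the installer to disk, read it, and pin it to a checksum or a specific commit before executing it, rather than piping a live URL into a shell as root.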

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 21, 2026, 01:47 PM