payram-self-hosted-payment-gateway

Fail

Audited by Socket on Feb 21, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

The guide describes legitimate steps to self-host a crypto payment gateway, but contains multiple high-risk operational patterns: an unverified pipe-to-shell installer, instructions to input highly sensitive cryptographic secrets into server-side software, lack of artifact verification, and encouragement to run development servers. While the document does not itself contain malicious code, these patterns create straightforward exfiltration and full-compromise paths if the installer or installed components are tampered with.

Recommendations: do NOT run curl | bash without reviewing and verifying a signed installer; prefer cloning pinned-release source and performing an offline code review; use hardware wallets or offline signing for private keys and avoid pasting seed phrases into server UIs; restrict outbound network access during install; run helper tools in isolated environments; require signed release artifacts and published checksums/GPG signatures before trusting the installer.

LLM verification: This skill documents a plausible legitimate purpose (deploying a self-hosted payment gateway) but includes multiple high-risk supply-chain and credential-handling patterns. The immediate dangerous pattern is the one-line installer (curl | bash https://get.payram.com) which executes remote code as root without any integrity checks. The skill also encourages importing private keys and a 12-word seed phrase into software flows, and runs unpinned JS dependencies, all of which are disproportionate to

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 21, 2026, 01:50 PM
Package URL
pkg:socket/skills-sh/payram%2Fpayram-helper-mcp-server%2Fpayram-self-hosted-payment-gateway%2F@f9a0adc69eacfd03a9338efebc3c19b074f004e4