Skills
skills/payram/payram-helper-mcp-server/payram-setup/Gen Agent Trust Hub

payram-setup

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill executes a remote script using the curl | bash pattern. This allows an external party to execute arbitrary commands on the system with no validation of the script's content.
  • Evidence: curl -fsSL https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh | bash found in automated scan results.
  • [External Downloads] (HIGH): The download source https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh belongs to an untrusted GitHub organization (PayRam). Execution of unverified scripts from non-standard or untrusted sources is a major security violation.
  • [Command Execution] (HIGH): The use of shell piping to execute downloaded content bypasses standard package management and security reviews, facilitating potential system compromise.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 21, 2026, 01:31 PM