payram-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs copying generated API keys/MCP config and shows examples embedding API keys in headers/commands, which requires the agent to handle and potentially output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs include direct raw GitHub shell scripts and curl|bash install instructions from an unvetted/unknown third‑party project (PayRam) — running remote .sh files executes arbitrary code and thus represents a significant risk unless you audit the repositories and scripts first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required onboarding steps explicitly instruct fetching and running scripts from public GitHub URLs (e.g., curl -fsSL https://raw.githubusercontent.com/PayRam/... and git clone https://github.com/PayRam/payram-server.git), so the agent will ingest and execute untrusted, user-hosted third-party content that can change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime commands that fetch and execute remote scripts (curl|bash), specifically https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh and https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh, which directly execute remote code during setup and are therefore high-risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a crypto payment gateway and onboarding guide that enables programmatic payment operations. It describes installing a self-hosted PayRam server to "accept USDT, USDC, Bitcoin, and ETH", configuring node RPCs and wallets, generating API keys, creating payment links, and testing API calls (example curl POST to /api/v1/payment). It also documents hot/cold wallet setup, auto-sweeping, and references "payram-payouts" and "Agents can manage payments programmatically without web UI" and an agent-only onboarding script that generates API credentials for MCP integration. These are specific, payment-focused APIs and wallet management features (including payouts and sweeping), not generic tooling. Therefore it grants direct financial execution capability.