payram-setup

[Skill Scanner] Instruction directing agent to run/execute external content All findings: [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] This document is a deployment/onboarding guide that is functionally consistent with a self-hosted payment gateway. It contains high-risk supply-chain patterns: unpinned remote install-and-execute commands (curl | bash) and instructions that gather and store many sensitive secrets (DB credentials, encryption keys, wallet private keys, API keys). Those patterns significantly increase the chance of credential exposure or remote compromise if the referenced remote scripts or upstream repositories are tampered with. I do not find evidence of embedded malware in the text itself, but the installation patterns and credential scope are disproportionate enough to classify this as suspicious/vulnerable. Recommended actions: do not run pipe-to-shell installs without auditing the script contents; clone the repositories and review/install from vetted commits/tags; restrict secret scopes, use hardware wallets or key management where possible, and verify MCP endpoints are fully controlled before sharing apiKeys. LLM verification: This skill documentation is coherent with its stated purpose (deploy and configure a self-hosted crypto payment gateway) and legitimately requires credentials and wallet information. However, the installer distribution and execution pattern (curl|bash from raw GitHub URLs, no integrity checks or pinned commits) is a high-risk supply-chain pattern. The documentation also encourages generation and placement of long-lived API keys into agent configurations, increasing credential exposure. I find no