payram-checkout-integration
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the 'payram' and 'dotenv' packages via NPM, which are the official vendor SDK and a standard configuration utility. These are legitimate resources for the skill's stated purpose of payment integration.
- [COMMAND_EXECUTION]: Provides standard installation commands for package managers (e.g., 'npm install payram') and references MCP tools for code generation. These operations are restricted to the intended developer setup and do not represent unauthorized command execution.
- [CREDENTIALS_UNSAFE]: The documentation correctly instructs users to manage sensitive information like 'PAYRAM_API_KEY' and 'PAYRAM_BASE_URL' using environment variables and '.env' files, following security best practices for credential management.
- [DATA_EXFILTRATION]: Communication is directed to the vendor's API endpoints (e.g., 'payram.com', 'your-payram-server'). These network operations are necessary for the payment processing functionality and are performed using standard HTTP clients with no signs of data exfiltration to unauthorized third parties.
Audit Metadata