payram-crypto-payments

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning and running remote code from https://github.com/payram/payram-mcp (git clone https://github.com/payram/payram-mcp; yarn install && yarn dev), which clearly fetches and executes external code at runtime and is presented as a required integration dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is a self‑hosted crypto/stablecoin payment gateway with explicit payment and payout functionality: it accepts USDT/USDC/BTC/ETH across multiple chains, generates deposit addresses, performs smart‑contract sweeps to cold wallets, and exposes MCP tools and scaffolded apps that include payment creation and payout endpoints (see payram-payouts, payram-bitcoin-payments, scaffolded apps with payouts, and MCP tools for payment integration). These are specific, purpose-built financial execution capabilities (sending/receiving crypto, sweeps, payouts), not generic tooling.