payram-crypto-payments
Audited by Socket on Feb 28, 2026
1 alert found:
Malware
This document is a product/skill README describing PayRam and its MCP tooling. It contains no explicit malicious code, obfuscated payloads, or clear credential-harvesting routines. However, it describes tools (assess_payram_project, test_payram_connection, scaffold_payram_app, payram-agent-onboarding) that, if implemented to upload project source, configs, or secrets to remote services (mcp.payram.com) or to install additional skills without strict vetting, could enable supply-chain exfiltration or untrusted code execution. Key risks: unclear whether project scans/uploads are local-only, transitive installation of other skills/CLIs, and potential for scaffolded apps to cause accidental secret leakage. Recommend: verify that 'assess' and 'test' operations run locally or explicitly document upload behavior; avoid entering secrets into scaffolded templates that will be uploaded; audit any transitive skill installs and the MCP server code before trusting it with sensitive projects.