payram-no-kyc-crypto-payments
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). Most links are to GitHub and the project's official domains (lower inherent risk), but the provided install pattern (curl -fsSL https://get.payram.com | bash), an opaque installer domain, and reliance on a small/unknown project + Telegram distribution are high‑risk indicators for executing remotely supplied code and possible malware distribution.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime install command that pipes remote content to a shell ("curl -fsSL https://get.payram.com | bash"), which fetches and executes code from https://get.payram.com and therefore represents a high-risk runtime dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway with concrete APIs and features to accept and move money: it exposes an SDK call (payram.payments.initiatePayment), has a dedicated payram-payouts skill to "Send crypto payouts", supports stablecoins and BTC, describes smart-contract sweeps and deposit addresses, and provides webhook/payment integration endpoints. These are specific, finance-focused capabilities (crypto payments, wallet/payout operations, payment integration) — not generic tooling — so it grants direct financial execution authority.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs deploying to a server as root (ssh root@...) and running a remote install script (curl ... | bash), which directs the agent/operator to obtain root-level access and modify the machine's system state and service files.
Audit Metadata