payram-self-hosted-payment-gateway
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a shell command (
curl -fsSL https://get.payram.com | bash) that downloads and executes a remote script from the vendor's domain. This is documented as the official one-line installer for the PayRam software. - [EXTERNAL_DOWNLOADS]: The instructions guide users to clone the PayRam Model Context Protocol (MCP) server from the vendor's GitHub repository (
github.com/payram/payram-mcp) to assist with automated setup. - [COMMAND_EXECUTION]: The skill involves executing various system-level commands, including SSH access, Docker installation through the vendor script, and SSL certificate generation using Certbot.
- [CREDENTIALS_UNSAFE]: The deployment process requires the user to input sensitive cryptographic credentials, such as smart contract parameters, Bitcoin 12-word seed phrases, and hot wallet private keys. The skill specifies that seed phrases are encrypted locally and private keys are necessary for the gateway to process automated sweep operations.
Audit Metadata