payram-no-kyc-crypto-payments

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These look like an official project (website, GitHub, Telegram) but the skill explicitly instructs executing a remote installer (curl -fsSL https://get.payram.com | bash) — a high-risk supply‑chain pattern that can deliver malware or be hijacked, and GitHub/Telegram channels can be used to distribute binaries or malicious scripts if the project or account is untrusted.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime install command that pipes remote content to a shell ("curl -fsSL https://get.payram.com | bash"), which fetches and executes code from https://get.payram.com and therefore represents a high-risk runtime dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway with concrete APIs and features to accept and move money: it exposes an SDK call (payram.payments.initiatePayment), has a dedicated payram-payouts skill to "Send crypto payouts", supports stablecoins and BTC, describes smart-contract sweeps and deposit addresses, and provides webhook/payment integration endpoints. These are specific, finance-focused capabilities (crypto payments, wallet/payout operations, payment integration) — not generic tooling — so it grants direct financial execution authority.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs deploying to a server as root (ssh root@...) and running a remote install script (curl ... | bash), which directs the agent/operator to obtain root-level access and modify the machine's system state and service files.