payram-agent-onboarding

SUSPICIOUS. The skill is broadly coherent with its stated payment-automation purpose, and the installer appears to come from PayRam-controlled infrastructure, but it still uses a remote shell installer, stores sensitive tokens/mnemonics locally, and enables autonomous financial actions. This looks more like a high-impact payment ops skill with meaningful security risk than outright malware.