payram-openclaw-integration

Fail

Audited by Snyk on May 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most URLs in the skill are documentation or API endpoints, but one is a direct shell installer (https://payram.com/setup_payram_agents.sh) and the instructions tell the user to pipe it straight into a shell (curl|bash). That is a high-risk distribution vector: the script is not pinned by checksum or signature, so whatever the server, or anyone able to alter its response, returns at install time is executed with the user's privileges, and the content reviewed today need not be the content served tomorrow.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to connect to the public MCP endpoint (https://mcp.payram.com/mcp) and auto-discover tools and payment data from it, to fetch and execute the setup script (https://payram.com/setup_payram_agents.sh), and to trigger fulfilment actions from incoming PayRam webhook payloads. Tool descriptions, tool results and webhook bodies are all content the agent did not author, so text in any of them can steer tool selection and agent decisions unless it is authenticated and treated as data rather than as instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). For the testnet deployment step the skill instructs the user to run bash <(curl -fsSL https://payram.com/setup_payram_agents.sh), which fetches remote code and executes it immediately, with no opportunity to review it or compare it against a known-good digest. Because the script is fetched at run time, the bytes that execute can differ from anything audited earlier, and a stream that is cut short is still executed as far as it got.
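Both E005 and W012 come down to the same missing step: nothing checks the installer before it runs. The following is an added example, not code from the PayRam skill, PayRam or Snyk, of the fetch, pin, verify, then execute pattern that replaces bash <(curl -fsSL https://payram.com/setup_payram_agents.sh). The sample script bytes, the pinned digest and the fetch callable are constructed so it runs offline; in a real deployment the digest (or a signature) comes from the vendor through a channel separate from the script itself.

```python
"""Fetch, pin and verify an install script before executing it.

Added example; not code from the PayRam skill, PayRam, or Snyk. The sample
script, its pinned digest and the fetch callable are constructed stand-ins.
"""
import hashlib
import hmac
import os
import subprocess
import tempfile
from typing import Callable

# Constructed stand-in for the installer as it looked when it was reviewed.
# The vendor would publish this digest separately from the script; you pin
# that published value in your deployment configuration.
REVIEWED_SCRIPT = b"#!/bin/sh\necho 'setting up testnet agents'\n"
PINNED_SHA256 = hashlib.sha256(REVIEWED_SCRIPT).hexdigest()


class UnverifiedScript(RuntimeError):
    """Raised when downloaded bytes do not match the pinned digest."""


def digest_matches(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of SHA-256(data) against the pin."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual.encode(), expected_sha256.lower().encode())


def run_from_disk(script: bytes) -> str:
    """Write the verified script to a temp file and run it with sh.

    Executing a complete file, rather than a stream piped into the shell,
    also means a truncated download is never executed part-way.
    """
    fd, path = tempfile.mkstemp(suffix=".sh")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(script)
        result = subprocess.run(["sh", path], check=True, capture_output=True, text=True)
        return result.stdout
    finally:
        os.unlink(path)


def fetch_verify_run(fetch: Callable[[str], bytes], url: str,
                     expected_sha256: str = PINNED_SHA256,
                     run: Callable[[bytes], str] = run_from_disk) -> str:
    """Download via `fetch`, refuse unless the digest matches, then execute.

    `fetch` stands in for an HTTPS client (e.g. urllib) so this runs offline;
    `run` is injectable so the gate can be exercised without spawning sh.
    """
    data = fetch(url)
    if not digest_matches(data, expected_sha256):
        raise UnverifiedScript(
            f"{url}: sha256 {hashlib.sha256(data).hexdigest()} "
            f"does not match pinned {expected_sha256}")
    return run(data)


if __name__ == "__main__":
    url = "https://payram.com/setup_payram_agents.sh"
    print(fetch_verify_run(lambda _u: REVIEWED_SCRIPT, url), end="")
    tampered = REVIEWED_SCRIPT + b"echo 'extra line the reviewer never saw'\n"
    try:
        fetch_verify_run(lambda _u: tampered, url)
    except UnverifiedScript as exc:
        print("refused:", exc)
```

A pinned digest only protects against content that differs from what was reviewed; it does not make the reviewed script safe, so the reviewed copy itself still has to be read before its digest is pinned.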

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to accept and send money. It describes integration with the PayRam payment system (a payment gateway), auto-discovers financial tools such as create_payment and generate_invoice, exposes get_balance and send_payment (including signer/cold-wallet signing and signed-tx receipts), and walks through deploying contracts, funding wallets, creating payment links, webhook-based payment confirmation, and agent-to-agent paid endpoints. These are concrete crypto/payment APIs and transaction-sending capabilities, not generic browser or HTTP tooling, so the skill grants direct financial execution authority, and every injection or tampered-dependency path above ends at a tool that can move funds.
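What a practitioner puts between the agent and a send_payment tool is an authorization gate the agent cannot argue with. The following is an added example, not PayRam's API, the skill's code or Snyk's: the audit names get_balance and send_payment as auto-discovered tools but their real signatures are not on this page, so send_payment below is a stand-in callable the caller injects. The allowlist, caps, request ids and amounts (integer minor units) are constructed.

```python
"""Authorization gate in front of an agent-callable send_payment tool.

Added example; not PayRam's API, the skill's code, or Snyk's. send_payment
is a stand-in callable; policy values and request ids are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, Set


class PolicyViolation(PermissionError):
    """Raised when a payment must not be attempted."""


@dataclass
class SpendPolicy:
    allowed_recipients: FrozenSet[str]   # operator-managed allowlist, never agent-supplied
    per_tx_cap: int                      # largest single payment
    daily_cap: int                       # total the agent may move per day
    approval_threshold: int              # above this a human must approve the request id
    spent_today: int = 0                 # budget consumed (reset by the operator's scheduler)
    approved: Set[str] = field(default_factory=set)   # request ids a human approved


def authorize(policy: SpendPolicy, request_id: str, recipient: str, amount: int) -> None:
    """Every check is against operator-controlled state, never the agent's claims."""
    if amount <= 0:
        raise PolicyViolation("amount must be positive")
    if recipient not in policy.allowed_recipients:
        raise PolicyViolation(f"recipient {recipient!r} is not allowlisted")
    if amount > policy.per_tx_cap:
        raise PolicyViolation(f"{amount} exceeds per-transaction cap {policy.per_tx_cap}")
    if policy.spent_today + amount > policy.daily_cap:
        raise PolicyViolation(f"{amount} would exceed daily cap {policy.daily_cap}")
    if amount > policy.approval_threshold and request_id not in policy.approved:
        raise PolicyViolation(f"{request_id} needs human approval above {policy.approval_threshold}")


def guarded_send(policy: SpendPolicy, send_payment: Callable[[str, int], str],
                 request_id: str, recipient: str, amount: int) -> str:
    """Authorize, reserve budget, then call the real tool. Returns its receipt.

    The budget stays consumed even if send_payment raises: a failed call may
    still have broadcast a transaction, so release only after reconciling
    with get_balance, not automatically.
    """
    authorize(policy, request_id, recipient, amount)
    policy.spent_today += amount          # reserve before the irreversible call
    return send_payment(recipient, amount)


if __name__ == "__main__":
    log = []

    def fake_send_payment(recipient: str, amount: int) -> str:
        log.append((recipient, amount))
        return f"tx-{len(log)}"

    policy = SpendPolicy(allowed_recipients=frozenset({"addr_vendor"}),
                         per_tx_cap=500, daily_cap=1000, approval_threshold=200)
    print(guarded_send(policy, fake_send_payment, "req-1", "addr_vendor", 150))
    for req, to, amt in [("req-2", "addr_unknown", 10), ("req-3", "addr_vendor", 600),
                         ("req-4", "addr_vendor", 300)]:
        try:
            guarded_send(policy, fake_send_payment, req, to, amt)
        except PolicyViolation as exc:
            print("blocked:", exc)
    print("sent:", log, "spent today:", policy.spent_today)
```

The gate sits in the tool-calling layer, outside the model: a prompt that talks the agent into requesting a payment still produces a PolicyViolation unless recipient, size, daily total and approval all check out.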

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 18, 2026, 03:03 PM
Issues
4
Security Audit — snyk — payram-openclaw-integration