payram-self-hosted-payment-gateway
Fail
Audited by Snyk on May 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URLs are all branded to a single project (website, GitHub org, repo, MCP server, Telegram) and not intrinsically malicious, but they present a moderate-to-high risk because they come from an unverified/unknown vendor and the skill recommends piping a remote installer (curl https://get.payram.com | bash) and deploying code from presumably small GitHub repos — a common vector for supplying malicious scripts if the source is not audited.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running remote-install commands that fetch and execute code at runtime — notably "curl -fsSL https://get.payram.com | bash" and cloning "https://github.com/payram/payram-mcp" then running yarn dev — which makes those URLs runtime external dependencies that execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway and contains specific, finance-executing functionality: smart contract deployment for fund management, wallet configuration (including adding hot wallets with private keys and cold/master wallet controls), API key generation, checkout/webhook integration, and an explicit "payram-payouts" capability to send crypto payouts. These are direct crypto/blockchain payment tools (wallets, signing/deployment, payouts), not generic utilities, so it grants direct financial execution authority.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running an installer as root (ssh root@...), pipes a remote script to bash, and directs installing system services (Docker, PostgreSQL, systemctl-managed services), SSL via certbot, and server configuration—actions that modify system files and require elevated privileges.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.