payram-setup
Audited by Snyk on May 17, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs copying generated API keys/configs and pasting them into agent settings and example curl commands (i.e., moving API keys and secrets verbatim), which would require the agent/LLM to handle and output secret values directly.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The URLs point to an otherwise plausible self-hosted project (GitHub repos, a website, Telegram) but include raw GitHub-hosted shell scripts and explicit curl|bash install commands — a high-risk pattern for delivering arbitrary/executable code if the source or its maintainers are untrusted.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and executing remote scripts from public GitHub URLs (e.g., the Agent Onboarding curl command to https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh and the quick-install curl of https://github.com/PayRam/payram-server/main/install.sh), which causes the agent/operator to ingest and act on untrusted, user-hosted third‑party content that can materially change runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime commands that fetch and execute remote install scripts (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh)", curl -fsSL https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh | bash) and clones remote code (https://github.com/PayRam/payram-server.git), which are required for setup and therefore execute remote code at runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway deployment and onboarding guide. It includes concrete, finance-specific features: wallet configuration (hot/cold wallets), deploying sweep contracts, auto-sweeping rules, funding hot wallets, API key generation, a documented payment API (curl example to create a payment), and explicit "send payouts" and agent-only onboarding that enables programmatic payments. These are specific tools and APIs to accept, move, and sweep cryptocurrency funds (not generic tooling), so it grants Direct Financial Execution capability.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running remote install scripts and configuring system services (Docker, PostgreSQL, opening ports, SSL, deploying services), which will modify system state and almost certainly require elevated/sudo privileges on the host.
Issues (6)
Insecure credential handling detected in skill instructions.
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Direct money access capability detected (payment gateways, crypto, banking).
Attempt to modify system services in skill instructions.