Agent-to-Agent Payments
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherently about agent payments, but it connects the agent to a remote payment MCP and promotes autonomous crypto transactions without clear limits, approvals, or trust boundaries.
Install only if you intentionally want your agent connected to PayRam for payment workflows. Before enabling it, review the provider's tool list and docs, use an isolated low-balance wallet or account, require human approval for spending, set transaction limits, verify recipients, keep logs, and disable the MCP when not in active use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled broadly, the agent could invoke payment-related tools or initiate payment workflows without the user reviewing every financial action.
The skill asks the user to expose a remote payment toolset and explicitly describes agents paying for tasks, but it does not define tool scopes, approval requirements, transaction limits, or safe defaults.
36 tools immediately available. No signup. No KYC. ... Orchestrator agent → discovers service agents → pays for tasks → receives results
Only connect the MCP after reviewing the PayRam tool list and enforce explicit human approval, spending caps, recipient verification, and small test transactions.
The agent may be given authority over financial flows without the user understanding which funds, wallets, recipients, or accounts are in scope.
The artifact promotes delegated financial authority for crypto payment flows, but does not explain wallet ownership, account authorization, custody, spending authority, or privilege boundaries.
Accept payments autonomously — no human needed. ... autonomous treasury management ... No human intervention. Just USDC flowing between agents in seconds.
Use an isolated low-balance wallet or account, document exactly what the agent may do, require approval for spending, and verify compliance and custody risks before use.
An agent could pay or deliver data to an untrusted or misidentified counterpart if the surrounding system does not add strong verification.
The workflow depends on a third-party MCP service and agent-to-agent transactions, but the artifact does not define counterpart identity checks, message provenance, data-sharing boundaries, or dispute handling.
Agent A (data provider) → creates payment request → Agent B pays → Agent A delivers data ... MCP Server: https://mcp.payram.com
Verify counterpart identities, restrict what data the agent can share, log all payment/request exchanges, and require review for new recipients or services.
The agent's available payment behavior may depend on a remote service that can change outside the reviewed SKILL.md file.
The setup is a direct connection to a remote MCP provider. This is purpose-aligned, but the artifact does not include the server implementation or a complete manifest of the tools it exposes.
mcporter config add payram --url https://mcp.payram.com/mcp
Review PayRam's official docs and repository, monitor tool changes, and disconnect the MCP when it is not needed.
Users may over-trust the payment integration or overlook legal, compliance, and operational risks.
The artifact uses promotional and authority-building claims around a financial service. These may be true, but the reviewed artifacts do not substantiate them or explain the compliance tradeoffs.
No signup. No KYC. ... Founded by WazirX co-founder · $100M+ volume
Independently verify the provider, legal requirements, fees, custody model, and operational history before delegating payment authority.
