Agent-to-Agent Payments
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: agent-to-agent-payments
Version: 1.1.3
The skill instructs the agent to configure and interact with an external, unauditable service at `https://mcp.payram.com/mcp` via `mcporter config add` and `mcporter call` commands in `SKILL.md`. While this aligns with the stated purpose of agent-to-agent payments, it introduces a significant trust boundary and delegates execution control to a third-party remote endpoint. This represents a risky capability, as the full behavior of the remote service cannot be audited within the skill bundle, making the agent vulnerable if the external service were compromised or malicious. There is no direct evidence of intentional malice within the provided files, but the reliance on an external service for core functionality warrants a 'suspicious' classification due to the inherent security risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled broadly, the agent could invoke payment-related tools or initiate payment workflows without the user reviewing every financial action.
The skill asks the user to expose a remote payment toolset and explicitly describes agents paying for tasks, but it does not define tool scopes, approval requirements, transaction limits, or safe defaults.
36 tools immediately available. No signup. No KYC. ... Orchestrator agent → discovers service agents → pays for tasks → receives results
Only connect the MCP after reviewing the PayRam tool list and enforce explicit human approval, spending caps, recipient verification, and small test transactions.
The agent may be given authority over financial flows without the user understanding which funds, wallets, recipients, or accounts are in scope.
The artifact promotes delegated financial authority for crypto payment flows, but does not explain wallet ownership, account authorization, custody, spending authority, or privilege boundaries.
Accept payments autonomously — no human needed. ... autonomous treasury management ... No human intervention. Just USDC flowing between agents in seconds.
Use an isolated low-balance wallet or account, document exactly what the agent may do, require approval for spending, and verify compliance and custody risks before use.
An agent could pay or deliver data to an untrusted or misidentified counterpart if the surrounding system does not add strong verification.
The workflow depends on a third-party MCP service and agent-to-agent transactions, but the artifact does not define counterpart identity checks, message provenance, data-sharing boundaries, or dispute handling.
Agent A (data provider) → creates payment request → Agent B pays → Agent A delivers data ... MCP Server: https://mcp.payram.com
Verify counterpart identities, restrict what data the agent can share, log all payment/request exchanges, and require review for new recipients or services.
The agent's available payment behavior may depend on a remote service that can change outside the reviewed SKILL.md file.
The setup is a direct connection to a remote MCP provider. This is purpose-aligned, but the artifact does not include the server implementation or a complete manifest of the tools it exposes.
mcporter config add payram --url https://mcp.payram.com/mcp
Review PayRam's official docs and repository, monitor tool changes, and disconnect the MCP when it is not needed.
Users may over-trust the payment integration or overlook legal, compliance, and operational risks.
The artifact uses promotional and authority-building claims around a financial service. These may be true, but the reviewed artifacts do not substantiate them or explain the compliance tradeoffs.
No signup. No KYC. ... Founded by WazirX co-founder · $100M+ volume
Independently verify the provider, legal requirements, fees, custody model, and operational history before delegating payment authority.
