Crypto Payments Saas

Pending: Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill depends on trusting PayRam's remote MCP service to provide correct payment-integration behavior.

Why it was flagged

The skill instructs users to add a remote MCP endpoint. This is central to the skill's purpose, but the remote server code and versioning are not part of the provided artifacts.

Skill content

mcporter config add payram --url https://mcp.payram.com/mcp

Recommendation

Verify the PayRam endpoint, documentation, and provider identity before adding it, and prefer pinned or reviewed versions where available.

What this means

If generated billing or webhook code is deployed without review, it could incorrectly activate accounts, process payments, or handle customer billing events.

Why it was flagged

The skill documents tool calls that can scaffold payment-related application code and webhooks. This is expected for the stated SaaS billing purpose, but generated code can change important application behavior.

Skill content

mcporter call payram.scaffold_payram_app ... includeWebhooks=true

Recommendation

Review generated routes, webhook verification, error handling, and test/sandbox behavior before deploying to production.

What this means

A misconfigured integration could affect customer invoices, subscriptions, or USDC payouts.

Why it was flagged

Payment creation, payout, and referral tracking involve business and financial authority. This aligns with the payment purpose, but the artifact does not describe account, wallet, or approval boundaries.

Skill content

PayRam MCP handles payment creation, webhook fulfillment, payout, and referral tracking — all in one.

Recommendation

Use least-privilege PayRam/wallet credentials, separate test and production environments, and require human review for payout logic.

What this means

Project details, prompts, or configuration information could be shared with the remote service depending on how the tool is used.

Why it was flagged

The skill directs calls to an external MCP service for project assessment and code generation. The exact data sent to the remote MCP is not described in the artifact.

Skill content

mcporter call payram.assess_payram_project

Recommendation

Avoid sending secrets, private keys, customer data, or unreleased source details unless the provider's data handling is acceptable.

What this means

A user might underestimate the tradeoffs of irreversible crypto payments or rely on unverified cost and trust claims.

Why it was flagged

The artifact uses strong marketing claims about finality, fees, and provider validation. These are not hidden behavior, but users should independently validate financial, operational, and compliance claims.

Skill content

No Stripe. No chargebacks. Instant settlement.

Recommendation

Confirm fees, legal requirements, refund handling, tax/accounting needs, and provider reputation before switching payment infrastructure.