Skill v1.0.0
ClawScan security
Crypto payments for agents and humans, full stack with Payram · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:32 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are broadly consistent with a self-hosted payment integration, but there are a few mismatches and operational risks (unknown registry source, instructions to clone/run third-party code, and scanning your codebase) that you should understand before installing or running anything.
- Guidance: This skill appears to be a legitimate integration guide for a self-hosted crypto gateway, but exercise caution before running anything:
  1) Verify the upstream sources independently (visit payram.com and the GitHub org directly and confirm repo ownership and recent commits).
  2) Review the repository and dependency manifest yourself (or in a sandbox) before running 'yarn install' or 'yarn dev'—don't run unreviewed code on production systems.
  3) Be careful with any steps that scan your codebase or request wallet secrets; limit scanning to only the directories you want analyzed and never paste private keys into untrusted tools.
  4) If you plan to accept payments, get a security and compliance review (smart contracts, wallet architecture, and regulatory/KYC implications).
  If you want greater assurance, ask the publisher for pinned release artifacts (signed releases or commit SHAs) and explicit documentation of what secrets are required and where they're stored.
Review Dimensions
- Purpose & Capability (note): The name/description describe a self-hosted crypto payment gateway and the SKILL.md contains integration and deployment instructions that match that purpose. However, the registry metadata lists source/homepage as unknown/none while the SKILL.md points to payram.com and a GitHub org—this metadata mismatch reduces provenance confidence. Also the doc references additional setup (payram-setup) that will involve API keys and wallets, which is expected for this domain but not declared up front.
- Instruction Scope (concern): The instructions tell an agent to clone a GitHub repo and run 'yarn install && yarn dev' and reference an MCP tool that will 'scan your codebase' (assess_payram_project). Asking a tool to scan local project files is reasonable for integration helpers, but it grants the agent permission to read potentially sensitive local source/config files. The SKILL.md does not constrain what will be scanned or how sensitive data will be handled.
- Install Mechanism (note): There is no formal install spec in the registry, but the SKILL.md advises cloning and running a GitHub repo with yarn. Using an official GitHub repo is common, but there is no pinned release/commit hash or checksum in the instructions—running 'yarn install && yarn dev' will fetch and execute third-party code, which carries the usual risks if the repo or dependencies are malicious or compromised.
- Credentials (note): The skill declaration requests no environment variables or credentials, which is proportionate for an instruction-only overview. However, the documentation references a separate 'payram-setup' that will configure wallets and API keys; those steps will likely ask for secrets (wallet keys or signing methods). The SKILL.md does not declare or document what secrets will be required or where they will be stored, which is a transparency gap.
- Persistence & Privilege (ok): The skill does not request always:true and uses default autonomous invocation settings. It does not request persistence or system-wide configuration in the manifest. Autonomous invocation is allowed by default; combine that with the instruction to scan the user's codebase and execute external code only if you trust the skill source.
