Back to skill
Skillv1.0.0
VirusTotal security
Crypto payments for agents and humans, full stack with Payram · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:36 AM
- Hash
- 3c7ec022359c19174af3b11a6d0cf8fe239ac4e4b3a88adf04c122fcde281e07
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crypto-payments-self-hosted-payram Version: 1.0.0 The skill bundle is classified as suspicious due to instructions in `SKILL.md` that direct the agent to clone and execute code from a remote GitHub repository (`https://github.com/PayRam/payram-helper-mcp-server`) using `git clone` and `yarn install && yarn dev`. This introduces a significant supply chain risk, as a compromised repository could lead to arbitrary code execution. Additionally, the skill describes tools like `assess_payram_project` and `scaffold_payram_app` which imply broad file system read and write access, respectively, posing further security risks despite being plausibly aligned with the stated purpose of integrating a payment gateway.
- External report
- View on VirusTotal