PayRam MCP Integration
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill connects an agent to high-impact crypto-payment tooling and unreviewed setup scripts that can use wallet credentials without clear safety limits.
Review carefully before installing. If you use it, start in a sandbox/testnet environment, do not provide production wallet mnemonics or root credentials to autonomous agents, inspect and pin any GitHub scripts before running them, and require explicit human confirmation for payment, payout, wallet, and contract-deployment actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could be guided into creating payment or payout workflows with unclear guardrails, which can cause financial loss or misdirected funds.
The skill advertises high-impact financial workflows and autonomous operation, but the artifacts do not show spending limits, recipient validation, reversal controls, or required human approval.
Accept USDC/USDT/BTC, create payment links, run payouts... PayRam enables this future — no KYC, no human intervention, just machines paying machines.
Use explicit per-action confirmation, spending and payout limits, recipient checks, and testnet/sandbox testing before allowing any production payment actions.
If these secrets are exposed or used incorrectly by an agent or script, an attacker or mistaken workflow could control payment accounts or wallets.
The referenced setup uses root credentials, saved auth tokens, and a wallet mnemonic, while the registry metadata declares no primary credential or required environment variables.
`PAYRAM_PASSWORD` — Root user password ... `PAYRAM_MNEMONIC` — Or mnemonic in `.payraminfo/headless-wallet-secret.txt`; Token is read from `.payraminfo/headless-tokens.env`
Declare credential requirements clearly, use isolated test credentials, avoid giving production wallet mnemonics to autonomous agents, and protect token/secret files with strict permissions.
Running the setup could install or change local services, databases, wallets, or payment infrastructure based on code that was not reviewed here.
The self-hosted setup executes a remote script from GitHub's mutable `main` branch, and that executable code is not included in the reviewed artifact set.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram.sh)"
Do not pipe remote scripts directly to a shell; inspect the script first, pin to a reviewed commit, and run it in a sandbox or dedicated environment.
Prompts, payment details, customer emails, project information, or other workflow data may be sent to a remote service whose tool behavior and data handling are not visible in the package.
The main workflow connects the agent to a remote MCP provider with many tools and no described account, API key, permission boundary, or data-retention boundary.
mcporter config add payram --url https://mcp.payram.com/mcp ... 36 tools immediately available. No account. No API key.
Treat the MCP endpoint as an external service, avoid sending sensitive production data until reviewed, and prefer a self-hosted or explicitly authenticated setup with documented data boundaries.
Users may over-trust the integration and allow an agent to handle payments or wallets before understanding the security and compliance risks.
The skill uses absolute safety and availability claims in a high-risk financial context without showing supporting controls or discussing legal, custody, key-management, or operational tradeoffs.
No KYC. No signup. No account freeze risk. Ever.
Independently assess the provider, legal requirements, custody model, and operational safeguards rather than relying on marketing claims.