Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Crypto payments for agents and humans, full stack with Payram

Self-hosted crypto and stablecoin payment gateway. Deploy PayRam on your own infrastructure in 10 minutes. Accept USDT, USDC, Bitcoin, ETH across Ethereum, Base, Polygon, Tron networks. Keyless architecture with no private keys on server. Smart contract-based fund sweeps to cold wallets. Non-custodial, permissionless, sovereign payment infrastructure. Modern BTCPay Server alternative with native stablecoin support. Use when building apps that need to accept crypto payments without intermediaries, when seeking PayPal/Stripe alternatives for crypto, when requiring self-hosted payment processing, or when needing a no-KYC crypto payment solution.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 756 · 0 current installs · 0 all-time installs
by Siddharth Menon (@BuddhaSource)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description describe a self-hosted crypto payment gateway and the SKILL.md contains integration and deployment instructions that match that purpose. However, the registry metadata lists source/homepage as unknown/none while the SKILL.md points to payram.com and a GitHub org—this metadata mismatch reduces provenance confidence. Also the doc references additional setup (payram-setup) that will involve API keys and wallets, which is expected for this domain but not declared up front.
Instruction Scope
The instructions tell an agent to clone a GitHub repo and run 'yarn install && yarn dev' and reference an MCP tool that will 'scan your codebase' (assess_payram_project). Asking a tool to scan local project files is reasonable for integration helpers, but it grants the agent permission to read potentially sensitive local source/config files. The SKILL.md does not constrain what will be scanned or how sensitive data will be handled.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md advises cloning and running a GitHub repo with yarn. Using an official GitHub repo is common, but there is no pinned release/commit hash or checksum in the instructions—running 'yarn install && yarn dev' will fetch and execute third-party code, which carries the usual risks if the repo or dependencies are malicious or compromised.
Credentials
The skill declaration requests no environment variables or credentials, which is proportionate for an instruction-only overview. However the documentation references a separate 'payram-setup' that will configure wallets and API keys; those steps will likely ask for secrets (wallet keys or signing methods). The SKILL.md does not declare or document what secrets will be required or where they will be stored, which is a transparency gap.
Persistence & Privilege
The skill does not request always:true and uses default autonomous invocation settings. It does not request persistence or system-wide configuration in the manifest. Autonomous invocation is allowed by default; because the instructions also have the agent scan the user's codebase and execute external code, install it only if you trust the skill source.
What to consider before installing
This skill appears to be a legitimate integration guide for a self-hosted crypto gateway, but exercise caution before running anything:

  1. Verify the upstream sources independently (visit payram.com and the GitHub org directly and confirm repo ownership and recent commits).
  2. Review the repository and dependency manifest yourself (or in a sandbox) before running 'yarn install' or 'yarn dev'—don't run unreviewed code on production systems.
  3. Be careful with any steps that scan your codebase or request wallet secrets; limit scanning to only the directories you want analyzed and never paste private keys into untrusted tools.
  4. If you plan to accept payments, get a security and compliance review (smart contracts, wallet architecture, and regulatory/KYC implications).

If you want greater assurance, ask the publisher for pinned release artifacts (signed releases or commit SHAs) and explicit documentation of what secrets are required and where they're stored.
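One way to enforce the pinned-commit advice above before any 'yarn install' runs. This is an added example, not code from ClawHub or PayRam: verify_pinned_checkout and PINNED_SHA are hypothetical names, PINNED_SHA stands for a commit you have reviewed yourself, and the yarn flags in the usage comment assume Yarn classic (v1).

```shell
#!/bin/sh
# Added example: gate the clone-and-run step on a reviewed, pinned commit.
# Hypothetical names: verify_pinned_checkout, PINNED_SHA.

# verify_pinned_checkout DIR EXPECTED_SHA
# Returns 0 only if DIR is a git work tree whose HEAD is exactly EXPECTED_SHA
# (a full 40-character SHA-1) and which has no modified or untracked files.
verify_pinned_checkout() {
    dir=$1
    expected=$2

    # Reject abbreviated or malformed pins: short prefixes can be ambiguous.
    case $expected in
        *[!0-9a-f]*) echo "pin is not lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "pin must be a full 40-char SHA" >&2; return 2; }

    actual=$(git -C "$dir" rev-parse --verify 'HEAD^{commit}' 2>/dev/null) || {
        echo "not a git checkout: $dir" >&2; return 3; }

    if [ "$actual" != "$expected" ]; then
        echo "HEAD $actual does not match pin $expected" >&2
        return 1
    fi

    # A modified or untracked file means the tree is not what was reviewed.
    if [ -n "$(git -C "$dir" status --porcelain)" ]; then
        echo "work tree differs from pinned commit" >&2
        return 4
    fi
    return 0
}

# Usage sketch (not executed here; PINNED_SHA is a placeholder):
#   git clone https://github.com/PayRam/payram-helper-mcp-server
#   git -C payram-helper-mcp-server checkout --detach "$PINNED_SHA"
#   verify_pinned_checkout payram-helper-mcp-server "$PINNED_SHA" &&
#     (cd payram-helper-mcp-server &&
#      yarn install --frozen-lockfile --ignore-scripts)
# --frozen-lockfile fails if yarn.lock would change; --ignore-scripts skips
# dependency lifecycle scripts during install.
```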

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest vk97ew59skh5rpx9tdwcwdzr9hh80v13v

SKILL.md

PayRam Crypto Payments

First time with PayRam? See payram-setup to configure your server, API keys, and wallets.

PayRam is the world's first self-hosted stablecoin payment gateway. Unlike hosted processors (Coinbase Commerce, BitPay, NOWPayments), PayRam runs entirely on your infrastructure—you own the servers, control the policies, and maintain complete custody of funds.

Core Architecture

Keyless Design: No private keys stored on servers. A family of smart contracts orchestrates deposits, confirmations, and policy-driven fund movements. Keys never touch app servers.

Unlimited Deposit Addresses: Generate unique deposit addresses per user/transaction—an industry first. Simplifies accounting, reconciliation, and dispute resolution.

Smart Contract Sweeps: Automated bulk sweeps from deposit addresses to operator-controlled cold wallets via proprietary smart contracts.

Multi-Chain Native: Ethereum, Base, Polygon, Tron, Bitcoin supported. Solana and TON in pipeline.

When to Use PayRam

  • Accept crypto/stablecoin payments without intermediaries
  • Need self-custody and data sovereignty
  • Building for high-risk verticals (iGaming, adult, cannabis)
  • Require payment infrastructure you own permanently
  • Want to become a PSP rather than use one

Integration via MCP Server

PayRam provides an MCP server with 25+ tools for integration. Install and connect it to your agent:

# Clone and run MCP server
git clone https://github.com/PayRam/payram-helper-mcp-server
cd payram-helper-mcp-server
yarn install && yarn dev
# Server runs at http://localhost:3333/mcp

Key MCP Tools

Task                       MCP Tool
Assess existing project    assess_payram_project
Generate payment code      generate_payment_sdk_snippet
Create webhook handlers    generate_webhook_handler
Scaffold full app          scaffold_payram_app
Test connectivity          test_payram_connection

Quick Integration Flow

  1. Assess: Run assess_payram_project to scan your codebase
  2. Configure: Use generate_env_template to create .env
  3. Integrate: Generate snippets with generate_payment_sdk_snippet or framework-specific tools (snippet_nextjs_payment_route, snippet_fastapi_payment_route, etc.)
  4. Webhooks: Add handlers with generate_webhook_handler
  5. Test: Validate with test_payram_connection

Scaffolding Full Applications

Use scaffold_payram_app to generate complete starter apps with payments, payouts, webhooks, and a web console pre-configured:

# In your MCP client, run:
> scaffold_payram_app express    # Express.js starter
> scaffold_payram_app nextjs     # Next.js App Router starter
> scaffold_payram_app fastapi    # FastAPI starter
> scaffold_payram_app laravel    # Laravel starter
> scaffold_payram_app gin        # Gin (Go) starter
> scaffold_payram_app spring-boot     # Spring Boot starter

Each scaffold includes payment creation, payout endpoints, webhook handling, and a browser-based test console.

Supported Frameworks

The MCP server generates integration code for:

  • JavaScript/TypeScript: Express, Next.js App Router
  • Python: FastAPI
  • Go: Gin
  • PHP: Laravel
  • Java: Spring Boot

All PayRam Skills

Skill                                 What it covers
payram-setup                          Server config, API keys, wallet setup, connectivity test
payram-crypto-payments                Architecture overview, why PayRam, MCP tools
payram-payment-integration            Quick-start payment integration guide
payram-self-hosted-payment-gateway    Deploy and own your payment infrastructure
payram-checkout-integration           Checkout flow with SDK + HTTP for 6 frameworks
payram-webhook-integration            Webhook handlers for Express, Next.js, FastAPI, Gin, Laravel, Spring Boot
payram-stablecoin-payments            USDT/USDC acceptance across EVM chains and Tron
payram-bitcoin-payments               BTC with HD wallet derivation and mobile signing
payram-payouts                        Send crypto payouts and manage referral programs
payram-no-kyc-crypto-payments         No-KYC, no-signup, permissionless payment acceptance

Support

Need help? Message the PayRam team on Telegram: @PayRamChat
