Trust Report

payram-crypto-payments

Self-hosted crypto and stablecoin payment gateway. Deploy PayRam on your own infrastructure in 10 minutes. Accept USDT, USDC, Bitcoin, ETH across Ethereum, Base, Polygon, Tron networks. Keyless architecture with no private keys on server. Smart contract-based fund sweeps to cold wallets. Non-custodial, permissionless, sovereign payment infrastructure. Modern BTCPay Server alternative with native stablecoin support. Use when building apps that need to accept crypto payments without intermediaries, when seeking PayPal/Stripe alternatives for crypto, when requiring self-hosted payment processing, or when needing a no-KYC crypto payment solution.

80

CONDITIONAL

Format: openclawScanner: v0.8.0Duration: 42msScanned: 2d ago · Jun 5, 7:52 AMSource →

Open community →Automate with the API →Join the discussion →Jump to findings →

Embed this badge

AgentVerus CONDITIONAL 80

AgentVerus CONDITIONAL 80

AgentVerus CONDITIONAL 80

[![AgentVerus](https://agentverus.ai/api/v1/skill/f2f4cc47-8d5f-44fc-8d44-7fcd91a61d3a/badge)](https://agentverus.ai/skill/f2f4cc47-8d5f-44fc-8d44-7fcd91a61d3a)

Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →

https://agentverus.ai/api/v1/skill/f2f4cc47-8d5f-44fc-8d44-7fcd91a61d3a/trust

Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction

curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"f2f4cc47-8d5f-44fc-8d44-7fcd91a61d3a","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'

Fetch trust JSON

curl https://agentverus.ai/api/v1/skill/f2f4cc47-8d5f-44fc-8d44-7fcd91a61d3a/trust

Category Scores

58

Permissions

100

Injection

68

Dependencies

75

Behavioral

65

Content

100

Code Safety

Findings (12)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: yarn install

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/PayRam/payram-helper-mcp-server/tree/main/skills/payram-setup

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04

mediumCapability contract mismatch: inferred server exposure is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: MCP Server

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred local service access is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: http://localhost:3333

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred payment processing is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: payments

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumFinancial/payment actions detected-10

Found financial/payment actions pattern: "Send crypto"

| `payram-payouts` | Send crypto payouts and manage referral programs |

→ Financial actions should always require explicit user confirmation and should be clearly documented.

behavioralASST-09

mediumFinancial/payment actions detected-10

Found financial/payment actions pattern: "wallet"

description: Self-hosted crypto and stablecoin payment gateway. Deploy PayRam on your own infrastructure in 10 minutes. Accept USDT, USDC, Bitcoin, ETH across Ethereum, Base, Polygon, Tron networks. K

→ Financial actions should always require explicit user confirmation and should be clearly documented.

behavioralASST-09

mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

→ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09

mediumMany external URLs referenced (6)-8

The skill references 6 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://github.com/PayRam/payram-helper-mcp-server/tree/main/skills/payram-setup, https://github.com/PayRam/payram-helper-mcp-server, http://localhost:3333/mcp, https://t.me/PayRamChat, https://payram.com...

→ Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04

mediumLocal service URL reference-8

The skill references a localhost or private-network service URL which is classified as medium risk.

http://localhost:3333/mcp

→ Review localhost/private-network service references carefully. Local service URLs can expose internal apps, admin panels, or developer tooling to agent-driven workflows.

dependenciesASST-04

mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk. Merged overlapping signals from the repeated finding family: - Unknown external reference

https://t.me/PayRamChat

→ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04

mediumLocal service access detected (inside code block)-5

Found local service access pattern: "http://localhost:3333"

# Server runs at http://localhost:3333/mcp

→ Treat localhost and loopback services as privileged local attack surfaces. Require explicit approval, constrain reachable ports, and avoid combining local access with session reuse or tunneling.

behavioralASST-03