← 返回 Skills 市场
PayRam MCP Integration
作者
Siddharth Menon
· GitHub ↗
· v1.4.2
777
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install payram-mcp-integration
功能描述
Stripe banned your account? High-risk merchant? No KYC crypto payments via PayRam MCP — 36 tools, zero setup. Accept USDC/USDT/BTC, create payment links, run...
安全使用建议
Do not run the suggested curl|bash or headless scripts without manual review and isolation. Confirm the upstream GitHub repos and inspect the setup scripts line-by-line before executing. Treat any PAYRAM_MNEMONIC or saved token files as highly sensitive — never provide real mainnet mnemonics or private keys to an untrusted script or agent. If you intend to experiment, do so in an isolated VM or container with ephemeral keys and testnet funds only. Verify legal/AML compliance for your use case — the 'no KYC / no signup' pitch may expose you to regulatory or platform risk. If you need this capability, prefer: (1) auditing the repository code, (2) self-hosting in an air-gapped or well-monitored environment, (3) using ephemeral test keys, and (4) ensuring the agent cannot autonomously exfiltrate files or secrets to external endpoints without explicit approval.
功能分析
Type: OpenClaw Skill
Name: payram-mcp-integration
Version: 1.4.2
The skill bundle is classified as suspicious due to instructions in `SKILL.md` that pose significant remote code execution (RCE) and supply chain risks. Specifically, it instructs the agent to execute `/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram.sh)"` and to `git clone https://github.com/PayRam/payram-scripts` followed by executing local scripts from the cloned repository. Both `curl | bash` and cloning/executing external scripts are highly insecure practices, allowing arbitrary code from an external source (https://github.com/PayRam/payram-scripts) to be run on the host system. This risk is compounded by the fact that these scripts are intended to handle sensitive crypto wallet mnemonics, as detailed in `references/headless-setup.md`.
能力评估
Purpose & Capability
The skill claims 'no KYC, no signup, no API key' and declares no required env vars/credentials, but the SKILL.md and headless docs instruct the agent operator to provide PAYRAM_EMAIL, PAYRAM_PASSWORD, PAYRAM_MNEMONIC and other env vars and to run signup/signin/setup flows. That mismatch (declared requirements: none vs instructions: many secrets and auth-related variables) is incoherent.
Instruction Scope
The runtime instructions tell agents to clone repositories, run headless scripts, execute deploy scripts, create wallets, store tokens and mnemonics in .payraminfo files, and to run curl|bash install lines. These steps go beyond simple code snippets generation — they create persistent secrets on disk, deploy smart contracts, and can cause network interactions with payram servers or public RPCs. The instructions also reference connecting to a hosted MCP endpoint (https://mcp.payram.com/mcp), which will send data off-host; none of this is declared in the skill metadata.
Install Mechanism
Although the skill is instruction-only (no packaged install spec), it explicitly recommends high-risk installation patterns: 'curl -fsSL https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram.sh | /bin/bash' and cloning & running scripts from GitHub. Download-and-execute from raw URLs and running remote setup scripts is a high-risk practice and should be manually audited before use.
Credentials
The skill declares no required environment variables or primary credential, yet the headless setup requires many env vars (PAYRAM_EMAIL, PAYRAM_PASSWORD, PAYRAM_MNEMONIC, PAYRAM_API_URL, RPC URLs, etc.) including sensitive secrets (mnemonic, tokens). Requesting wallet mnemonics and writing them to plaintext files is highly sensitive and not reflected in the metadata — this is disproportionate and not properly declared.
Persistence & Privilege
always:false (normal) and agent invocation is allowed (normal). However, the documentation instructs creating persistent files (.payraminfo/headless-tokens.env and headless-wallet-secret.txt) that store authentication tokens and mnemonics on disk. This persistence is within the skill's stated self-hosted use-case but increases risk if run in an environment with other secrets or network access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install payram-mcp-integration - 安装完成后,直接呼叫该 Skill 的名称或使用
/payram-mcp-integration触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.2
Added 'Agent commerce reality' narrative to attention hook. Emphasized autonomous income: 'Agents are earning USDC autonomously while humans sleep'
v1.4.0
payram-mcp-integration 1.4.0
- Metadata updated: version bumped to 1.4.0
- Added new metadata fields: tools-count and expanded tags (now includes ai-agents)
- No changes to available tools or documentation content
- All feature and usage documentation remains unchanged
v1.3.1
Updated network selection table with TON for micropayments (~/bin/bash.001 fees, 5s confirmations). Added Telegram integration advantage for TON. Highlighted The Watering Hole marketplace as real example of TON micropayments for agent commerce.
v1.3.0
36 tools from updated MCP: added referrals, payouts, webhooks, app scaffolding, live docs. Rewrote skill with attention-first positioning — leads with Stripe ban hook, 0K savings story, and high-risk merchant targeting.
v1.2.1
payram-mcp-integration 1.2.1
- Updated skill metadata version from 1.2.0 to 1.2.1 in SKILL.md.
- No other content changes detected.
v1.2.0
**Big update: Adds instant testnet setup and fully automated headless (agent) installation guide.**
- Instant testnet payments enabled via hosted MCP server (mcp.payram.com) — zero setup required for testing.
- Complete, step-by-step, non-interactive headless installation guide added for fully autonomous/production use (see references/headless-setup.md).
- Expanded documentation for agent operation, environment variables, and quick automation.
- Skill description, metadata, and triggers updated to emphasize headless operation and instant onboarding.
- New headless agent guide and features clearly distinguished from legacy/manual setup.
v1.1.0
**payram-mcp-integration v1.1.0 Changelog**
- Major SKILL.md rewrite: streamlined, clarified usage triggers, and updated instructions for agent/composer use.
- Added concise network selection and troubleshooting guides.
- Included new section for supported chains/tokens (USDC, USDT, BTC, ETH on Base, Ethereum, Polygon, Tron, TON).
- Expanded error handling instructions for common failures (insufficient balance, network not supported, invalid address).
- Introduced clearer table of MCP tools with examples.
- Added references/architecture.md file for architectural documentation.
v1.0.1
Fixed MCP server URL: https://mcp.payram.com (not /mcp endpoint)
v1.0.0
Initial release: PayRam MCP server integration for AI agents. Includes create-payee, send-payment, get-balance tools via Model Context Protocol. Sovereign crypto payments without KYC or third-party processors.
元数据
常见问题
PayRam MCP Integration 是什么?
Stripe banned your account? High-risk merchant? No KYC crypto payments via PayRam MCP — 36 tools, zero setup. Accept USDC/USDT/BTC, create payment links, run... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 777 次。
如何安装 PayRam MCP Integration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install payram-mcp-integration」即可一键安装,无需额外配置。
PayRam MCP Integration 是免费的吗?
是的,PayRam MCP Integration 完全免费(开源免费),可自由下载、安装和使用。
PayRam MCP Integration 支持哪些平台?
PayRam MCP Integration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 PayRam MCP Integration?
由 Siddharth Menon(@buddhasource)开发并维护,当前版本 v1.4.2。
推荐 Skills