Prism

Security checks across malware telemetry and agentic risk

Overview

PRISM is a disclosed multi-agent code review skill that reads project files and saves local review summaries, with manageable scoping and retention caveats.

Install it only in repositories where you are comfortable with multiple configured agents reading relevant files and saving review summaries locally. Use explicit review targets, avoid archiving secrets, periodically clean analysis/prism/archive/, and ensure any local sub-agent completion helper is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The document states the Devil's Advocate has 'no archive access by design,' but elsewhere admits this restriction is not technically enforced. That mismatch can cause operators to rely on a trust boundary that does not actually exist, allowing prior-review content or prompt-injection text from archives to influence the supposedly independent reviewer.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The invocation examples use very broad natural-language triggers such as "PRISM this API change" and "Full PRISM audit on the deployment pipeline" without defining minimum scope, required target boundaries, or explicit exclusions. In an agent setting, this can cause the skill to activate on underspecified requests and review an overly large or sensitive context, increasing the risk of unintended file access, excessive actions, or confusing the user about what exactly will be analyzed.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The workflow example "You say 'PRISM this'" is an especially broad trigger because it contains no scoping information at all. In a tool-using or multi-agent environment, such ambiguous activation can lead the orchestrator to infer scope heuristically, which is dangerous because it may pull in unrelated code, prior archives, or sensitive material beyond the user's intended review target.

VirusTotal

65/65 vendors flagged this skill as clean.