Skill v2.1.1

ClawScan security

Prism · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 28, 2026, 6:04 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
PRISM is an instruction-only, multi‑agent review orchestration protocol whose code and runtime requirements are coherent with its stated purpose (it reads the workspace, archives reviews, and spawns reviewers); nothing requested is disproportionate or unexplained.
Guidance
This skill is internally consistent for orchestrating multi-agent code reviews, but it will read your repository files and store review archives under analysis/prism/archive/. Before installing or running: (1) confirm you are comfortable with an automated process reading and quoting files from your workspace (sensitive secrets in repo files could end up in findings), (2) inspect or create the referenced completion script (~/.openclaw/scripts/sub-agent-complete.sh) so you know what 'completion' does and whether it triggers any network callbacks, (3) review the README/git-clone source (https://github.com/jeremyknows/PRISM.git) if you want the canonical implementation, and (4) consider retention: PRISM archives reviews by default—ensure that archive retention policies meet your data-sensitivity requirements. If any of the above is unacceptable (exposing secrets, automatic callbacks), restrict the skill's access or run it in a controlled sandbox.

Review Dimensions

Purpose & Capability
ok
The skill is a review/orchestration protocol. It only asks to read the workspace, search/archive prior reviews, spawn reviewers, synthesize findings, and save an archive — all expected for a review orchestrator. No unrelated credentials, binaries, or external services are required.
Instruction Scope
note
The SKILL.md instructs reviewers to read files from the workspace, quote file/line citations, run common shell commands (find, grep, wc, mkdir), and write review archives under analysis/prism/archive/. These actions are consistent with the review purpose but do mean the agent will read and include snippets from repository files in findings (potentially including sensitive content).
Install Mechanism
ok
No install spec or packaged code is included; this is instruction-only. README suggests an optional git clone from a GitHub repo (public, documented). No downloads from untrusted URLs or archives are present.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The runtime prompts reference standard workspace paths (e.g., analysis/prism/archive/) and an agent script (~/.openclaw/scripts/sub-agent-complete.sh) which are reasonable for archiving/completion signaling. No unrelated secrets are requested.
Persistence & Privilege
note
always:false (normal). The skill writes archives into the workspace and calls a local completion script; this is expected for archival/synthesis. Confirm that the completion script and archive path behave as you expect (they could cause network callbacks depending on your environment).