Skill v1.1.2
ClawScan security
Prism Alerts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:31 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality matches its description, but there are inconsistencies around declared environment variables and an opaque third‑party API endpoint that warrant caution before installing or providing bot credentials.
- Guidance: This skill appears to do what it says (poll a PRISM API and produce alerts), but exercise caution before supplying bot credentials or trusting the default PRISM endpoint. Things to check before installing or running:
  - Verify the PRISM API: the default URL (strykr-prism.up.railway.app) is a third‑party host with no homepage provided; confirm the operator and trustworthiness. Consider self‑hosting or pointing PRISM_URL at a trusted endpoint.
  - The package metadata does not declare the TELEGRAM/DISCORD env vars shown in the README. Expect to need your own TELEGRAM_BOT_TOKEN / DISCORD_BOT_TOKEN and channel IDs to send alerts — do not paste tokens into unknown web UIs; run the bot locally or in a controlled environment.
  - Inspect and run the included scripts locally or inside a sandbox/container. The script only uses curl/jq and writes a dedupe file under /tmp, but network requests go to the PRISM service, so review traffic if you are concerned about data leaving your environment.
  - Prefer creating your own messaging bots and supply only those tokens. If you must use an external Prism provider, verify TLS, ownership, and privacy policy; avoid sharing credentials with unknown operators.
  - If you want a higher assurance verdict, provide the upstream repository or homepage for the PRISM API and the skill, and confirmation of who operates the strykr-prism endpoint; with that info the assessment can move to benign if the operators are trustworthy.
Review Dimensions
- Purpose & Capability (note): Name/description (Pump.fun / Solana token alerts) aligns with the included script and examples: the bash script polls PRISM endpoints and the SKILL.md shows Telegram/Discord integration examples. However, the skill metadata declares no required env vars while SKILL.md documents TELEGRAM_BOT_TOKEN, DISCORD_BOT_TOKEN, channel IDs, and PRISM_URL — an inconsistency between what the package says it needs and what the instructions demonstrate. PRISM_URL defaults to a third‑party Railway app (strykr-prism.up.railway.app); that external service is central to the skill, but its source/homepage are unknown.
- Instruction Scope (note): SKILL.md and scripts stay within alerting functionality: polling the PRISM API, formatting alerts, and sending them to bots. The included watch loop stores seen tokens in /tmp/prism_seen_tokens.txt and polls every 30s. SKILL.md includes code examples that would transmit token data to Telegram/Discord channels (expected for alerts). The instructions do not direct the agent to read unrelated files or other credentials, but they do assume use of external messaging services (which require tokens).
- Install Mechanism (ok): No install spec — instruction-only plus a small shell script included. Nothing is downloaded from arbitrary URLs or written to unusual system locations by an installer. Risk from the installation mechanism is low.
- Credentials (concern): The skill metadata lists no required env vars, but SKILL.md documents PRISM_URL, TELEGRAM_BOT_TOKEN, TELEGRAM_CHANNEL_ID, DISCORD_BOT_TOKEN, and DISCORD_CHANNEL_ID. Requiring messaging bot tokens is expected for integrations, but the metadata's failure to declare them reduces transparency. Also, the default PRISM_URL points to a third‑party hosted endpoint (Railway) — all alert/request data will flow through that service unless you change PRISM_URL. Requesting or entering bot tokens into code that communicates with an external (unknown) API increases the risk of credential exposure if that service or its operator is untrusted.
- Persistence & Privilege (ok): `always` is false and the skill does not request elevated or persistent platform privileges. The script writes only a temporary /tmp/prism_seen_tokens.txt to deduplicate alerts. It does not modify other skills or system settings.
