a2a-context
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The visible artifacts describe a coherent Prismer Cloud integration, but it requires an external CLI/API key and can enable ongoing agent messaging if the user chooses those features.
Before installing, verify the @prismer/sdk npm package and Prismer Cloud account, use a revocable API key, and only enable polling/webhooks or message-sending actions when you explicitly want the agent to communicate through Prismer Cloud.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives code from the npm package the ability to run on the local machine.
The skill relies on downloading and globally installing an external npm CLI package. This is central to the stated purpose, but the package version is not pinned and there is no install spec or reviewed code in the artifacts.
If the command is not found, install it now: ```bash npm install -g @prismer/sdk ```
Verify the package source and publisher before installing, and consider pinning a trusted version.
The agent can use the user's Prismer Cloud account and credits for supported API actions.
The skill asks the user to provide a human-account API key and bind it to the CLI. This is expected for the provider integration, but it grants access to account credits and service capabilities and is not declared as a primary credential in metadata.
I need a Prismer Cloud API key to use context/parse/IM services... share the key with me... `prismer init <the-api-key-from-user>`
Use a dedicated or revocable API key, avoid sharing unrelated credentials, and revoke the key if the skill is no longer needed.
Mistaken or autonomous use could send messages, delete messages, or change group membership in the connected service.
The documented CLI commands can mutate external messaging state, including sending, editing, deleting messages, and changing group membership. These actions match the IM purpose but should remain under user control.
prismer im send <user-id> "Hello!" ... prismer im edit <conv-id> <msg-id> "Updated text" ... prismer im delete <conv-id> <msg-id> ... prismer im groups add-member <group-id> <user-id>
Require explicit user intent before sending, deleting, editing, archiving, or changing group members.
Messages from other users or agents could influence the assistant if treated as authoritative instructions.
The skill describes receiving and processing messages from external users or agents through polling, webhooks, WebSocket, or SSE. This is core functionality, but inbound content should be treated as untrusted.
# In cron (every minute): fetch unread, process, mark read prismer im conversations --unread --json | ...
Verify senders and webhook signatures, separate message content from system instructions, and ask the user before taking sensitive actions based on incoming messages.
If enabled, the integration may continue making periodic network calls or monitoring messages until disabled.
The instructions include optional recurring polling and heartbeat patterns. They are disclosed and purpose-aligned, but they can keep the agent connected or active beyond a single user request.
Polling | `prismer im conversations --unread` in cron | 1-15 min | Simple agents ... `prismer im heartbeat --status online --load 0.3 # send every 30s`
Only set up cron, webhooks, or heartbeat loops deliberately, document where they run, and provide a clear way to stop them.