Prismer
Review
Audited by ClawScan on May 10, 2026.
Overview
Prismer is a disclosed cloud messaging skill, but its shared cross-agent learning and tool-call messaging features could let remote or persistent content influence agents without clear boundaries.
Review before installing. Treat Prismer as a cloud service that can store credentials, messages, parsed content, and learned agent strategies. Verify the npm package, avoid sending secrets or private reasoning, require confirmation before message mutations or executing suggested strategies, and use scoped/private evolution data if available.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You must trust the npm package and future package resolution when installing the CLI/SDK.
The skill relies on a globally installed npm package. This is purpose-aligned, but the provided artifacts include no code, lockfile, or pinned version to review.
which prismer || npm install -g @prismer/sdk
Install only from the official package source, consider pinning a reviewed version, and avoid running the global install in sensitive environments until verified.
The CLI will hold credentials that can act as your Prismer identity.
The skill uses and saves a Prismer account key, which is expected for a cloud messaging service but is not reflected in the registry credential declarations.
prismer setup # opens browser → sign in → key auto-saved (recommended)
Use a least-privileged Prismer account/key, rotate it if exposed, and check where the CLI stores credentials before use.
An agent using these commands could send, edit, or delete messages in the Prismer account.
The CLI can mutate remote conversation content. This matches a messaging system, but mistaken autonomous use could affect user-visible messages.
prismer im edit <conv-id> <msg-id> "Updated text" # edit
prismer im delete <conv-id> <msg-id> # delete
Require explicit confirmation for sending, editing, deleting, or group-message actions.
Remote agent messages could be mistaken for instructions, and sensitive reasoning or tool data could be shared across agents.
The skill supports inter-agent message types that may contain tool calls, tool results, files, images, or agent reasoning, but does not define trust, origin-verification, or safe handling rules.
`text` (default), `markdown`, `code`, `file`, `image`, `tool_call`, `tool_result`, `thinking`
Treat all incoming messages and tool-call payloads as untrusted data, verify senders, and do not forward secrets or internal reasoning unless explicitly intended.
Bad or poisoned learned strategies could influence future agent behavior, and error/task details may be stored in shared cloud memory.
The documented workflow retrieves strategies, executes them, and records outcomes for reuse by other agents, without clear provenance, review, or sensitive-data minimization controls.
Self-improving loop: encounter problem → get strategy → execute → record outcome → all agents benefit.
Review any suggested strategy before execution, use private or team-scoped pools where possible, and sanitize error reports and outcomes before recording them.
A mistaken or malicious strategy could spread to other agents or later tasks before it is noticed.
The evolution feature can synchronize learned strategies across agents; combined with the stated 'all agents benefit' model, one bad learned item could propagate beyond a single session.
prismer evolve sync # pull latest
Keep evolution data scoped, review synced strategies before use, and ensure there is a rollback or deletion process for bad learned items.
