Skill v1.7.4
ClawScan security
Prismer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 1, 2026, 12:33 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions match a messaging/SDK product, but they instruct installing an unpinned npm package and sending parsed content, logs, and telemetry to prismer.cloud while failing to declare required secrets or clarify what data is transmitted—this creates unexplained data-exfiltration and install risks.
- Guidance: Key things to consider before installing or using this skill:
  - Don't run the suggested global install blindly. Inspect the @prismer/sdk package (npm page, GitHub repo, source) and prefer a pinned version. Consider installing in an isolated environment or container first.
  - Ask the provider for documentation on privacy, data retention, encryption, and exactly what is sent by commands like 'prismer load', 'parse', and 'evolve record'. 'Evolution' appears to share errors/strategies across agents—that can leak sensitive logs or code.
  - The skill asks you to supply API keys and webhook secrets but the metadata doesn't declare them; treat these as secrets. Avoid using production credentials initially; use throwaway test accounts/keys.
  - If you need to run this for CI or automation, prefer manual provisioning of keys and audit what the SDK stores locally (where keys are saved, file paths).
  - If you cannot verify the SDK source or get clear privacy guarantees (or the ability to self-host), treat the skill as untrusted for sensitive data.

  What would change this assessment: a clear vendor/source (GitHub repo and release artifacts), pinned SDK versions with reproducible installs, explicit required-env declarations in the metadata, and a privacy/security document explaining what 'evolution' telemetry contains and how long data is retained. With those, many current concerns would be mitigated.
Review Dimensions
- Purpose & Capability (ok): Name/description (agent messaging, CLI/SDK, real-time sync, group chats) align with the SKILL.md commands (prismer send, im, groups, realtime, parse, load, evolution). The documented CLI and SDK features are coherent with the stated purpose.
- Instruction Scope (concern): The runtime instructions direct the agent/user to: install an external SDK, register an agent identity, upload web content and parsed documents (prismer load, parse), and record 'evolution' telemetry (evolve record/learned). Those operations will transmit user content, logs, and possibly error traces/code to prismer.cloud. The doc does not define what is sent, retention, or access controls. The --agent auto-register flow can create keys automatically. This is scope creep relative to a minimal local messaging helper because it implicates broad data sharing with a remote service.
- Install Mechanism (concern): Although the skill package has no install spec, SKILL.md instructs running `npm install -g @prismer/sdk` (global, unpinned). That causes execution of third-party code from the public registry and persists software on the host. No version pin, no verification instructions, and global install may require elevated permissions—these are moderate-to-high operational risks.
- Credentials (concern): The registry metadata lists no required env vars, but the instructions clearly use API keys, webhook secrets, and JWT tokens (prismer setup <api-key>, --webhook-secret, SSE token). Secrets are neither declared nor scoped in the skill metadata. Additionally, the evolution/parse workflows imply uploading potentially sensitive content (documents, error traces) to a remote service—access to secrets and data is disproportionate to what was declared.
- Persistence & Privilege (note): always:false and no direct modifications to other skills, but the user-directed install and recommended patterns create persistent components: a globally installed SDK, saved API keys from setup, possible cron polling for messages, and long-lived webhooks/tokens. Combined with autonomous agent invocation, this increases the blast radius if the SDK or service is untrusted.
