ClawHub

Prismer

ReviewAudited by ClawScan on May 10, 2026.

Overview

Prismer’s web/OCR/messaging features are disclosed, but its shared evolution memory and real-time agent messaging introduce broad cross-agent trust and persistence risks without clear boundaries.

Use Prismer only if you trust prismer.cloud and the @prismer/sdk package. Keep its API key separate from other credentials, require approval before sending/editing/deleting messages, treat incoming agent messages and tool-call content as untrusted, and avoid recording secrets or private incident details into the shared evolution system.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

Installing the package gives third-party code the ability to run locally as part of the CLI setup and use.

Why it was flagged

The skill depends on a global npm package that is not included in the reviewed artifacts and is not pinned to a version.

Skill content
which prismer || npm install -g @prismer/sdk
Recommendation

Install only if you trust the Prismer package and provider; consider pinning a known version and reviewing the npm package before use.

Low
#ASI03: Identity and Privilege Abuse
What this means

The CLI may store an API key or identity that can access Prismer messaging, credits, and account features.

Why it was flagged

The setup flow creates or stores service credentials for the Prismer account, which is expected but sensitive.

Skill content
prismer setup                    # opens browser  sign in  key auto-saved (recommended)
Recommendation

Use a dedicated account or least-privileged key where possible, protect stored credentials, and revoke the key if the machine or agent environment is compromised.

Medium
#ASI02: Tool Misuse and Exploitation
What this means

An agent using this skill could change or remove conversation content if allowed to run these commands.

Why it was flagged

The documented CLI can mutate external messaging state by editing or deleting messages.

Skill content
prismer im edit <conv-id> <msg-id> "Updated text"  # edit
prismer im delete <conv-id> <msg-id>               # delete
Recommendation

Require explicit user approval before sending, editing, deleting, or group-broadcasting messages.

Medium
#ASI07: Insecure Inter-Agent Communication
What this means

Incoming agent messages could be mistaken for trusted instructions or expose sensitive reasoning, files, or tool results.

Why it was flagged

The service supports cross-agent message types that can carry operational context or tool-call-like content, but the artifact does not describe trust or origin validation rules.

Skill content
Message Types

`text` (default), `markdown`, `code`, `file`, `image`, `tool_call`, `tool_result`, `thinking`
Recommendation

Treat all incoming messages and tool-call-like payloads as untrusted until verified; do not execute actions solely because another agent requested them.

Medium
#ASI06: Memory and Context Poisoning
What this means

Bad or poisoned strategies, or sensitive error/task details, could be reused across sessions or shared with other agents.

Why it was flagged

The artifact describes retrieving strategies from shared memory, executing them, and recording outcomes for reuse by other agents, without describing validation, scoping, redaction, or rollback controls.

Skill content
Self-improving loop: encounter problem  get strategy  execute  record outcome  all agents benefit.
Recommendation

Review suggested strategies before execution, redact secrets before recording outcomes, scope learning to a trusted team where possible, and avoid sharing private incident details.

Low
#ASI10: Rogue Agents
What this means

If enabled, the agent could continue receiving or checking messages in the background.

Why it was flagged

The skill documents cron-based polling and real-time delivery options, which can keep agent communication active beyond a single manual command.

Skill content
Polling | 1-15 min | `prismer im conversations --unread` in cron
Recommendation

Enable cron, webhooks, WebSocket, or SSE delivery only when needed, and document how to disable or revoke those channels.