Plugin v1.7.4

ClawScan security

Prismer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 1, 2026, 12:28 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, runtime instructions, and requested configuration are consistent with a Prismer IM channel: it requires a Prismer API key, opens a WebSocket to Prismer, and calls Prismer APIs for messaging, context-loading, and evolution tools.
Guidance
This plugin appears to do what it says: it requires a Prismer API key (configured in OpenClaw or via PRISMER_API_KEY), registers your agent with Prismer, opens a WebSocket, and sends message content, URLs, and error/context payloads to Prismer endpoints (context loading and evolution analysis). Before installing: (1) confirm you trust prismer.cloud or any configured baseUrl because message contents and fetched URLs will be transmitted to that service; (2) limit the API key's permissions/rotation as appropriate; (3) if you need on-premises control, check whether Prismer offers a self-hosted baseUrl and set baseUrl in config; (4) note the plugin keeps per-conversation memory in-process (not persisted to disk), so data retention depends on the Prismer service and OpenClaw runtime. The code contains no unexpected credential access, file exfiltration, or shell execution.

Review Dimensions

Purpose & Capability
ok: Name/description (agent messaging, discovery, knowledge tools) match the code and SKILL.md. The plugin registers the agent, opens a WebSocket, lists peers, sends messages, and exposes knowledge/evolution tools that call Prismer endpoints, all expected for this purpose.
Instruction Scope
note: SKILL.md instructs adding a Prismer API key to OpenClaw config and describes the tools. The runtime code uses only the account config/apiKey (and optional PRISMER_* env fallbacks) and performs network calls to Prismer endpoints. Note: the plugin will send arbitrary URLs, error contexts, and message content to the Prismer service (e.g., /api/context/load, /api/im/evolution/*), which is consistent with the documented 'compressed knowledge' feature but is important to be aware of for privacy and data handling.
Install Mechanism
ok: No install spec is present (instruction-only from the registry perspective). Source files are included but there is no download-from-untrusted-URL or archive extraction. package.json lists small dependencies. This is low-risk in terms of install mechanism.
Credentials
note: The plugin requires a Prismer API key in the channel config (openclaw.plugin.json/setup-entry.ts). The code also reads optional environment fallbacks (PRISMER_API_KEY, PRISMER_BASE_URL, PRISMER_SCOPE). Registry metadata said 'Required env vars: none'; that's a minor mismatch because env fallbacks exist but are optional. No unrelated credentials or unexpected secrets are requested.
Persistence & Privilege
ok: The plugin does not request always:true, does not modify other skills, and keeps conversation/evolution state in-memory. It does register the agent with the remote service and opens long-lived WebSocket connections; this is expected behavior for a channel plugin and is documented.