Prismly
Security checks across malware telemetry and agentic risk
Overview
Prismly appears to be a real link-analysis plugin, but it stores OAuth tokens and runs a background service that can process remote Prismly tasks through local OpenClaw agents, which is more authority than the registry metadata makes clear.
Review this plugin before installing if you do not specifically want Prismly to run background link-analysis tasks through OpenClaw. If you proceed, log in only with an account you trust, bind a dedicated low-privilege agent, keep tool approvals enabled, monitor with the status/unbind commands, and know that credentials are stored under ~/.openclaw/credentials.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After login, the plugin can use the user's Prismly account tokens until they are cleared or revoked.
The plugin handles and persists OAuth access/refresh tokens, even though the supplied registry metadata lists no primary credential or required credential.
interface Credentials { accessToken: string; refreshToken: string; ... }
... "capture the callback tokens, and save them to the token store."
Install only if you trust Prismly with this account access; the publisher should declare the OAuth credential requirement and document how to revoke or clear stored tokens.
Prismly-side tasks may trigger local agent activity automatically after the plugin is configured.
The plugin registers a persistent background service that polls/receives tasks and delegates work to agents, rather than only running on direct user invocation.
// Background service (heartbeat + task polling + agent delegation)
api.registerService(createPrismnoteService(api.runtime));
Use a dedicated low-privilege OpenClaw agent for this plugin, monitor its status, and unbind it when not needed. The publisher should document background behavior and provide clear controls.
If a bound agent has powerful tools, Prismly task content or link content could influence that agent's actions.
Remote task instructions can be associated with a bound OpenClaw agent, but the artifacts do not show per-task approval, prompt isolation, or limits on what the routed agent may do.
TaskPayload ... instruction: string | null; ... "OpenClaw agent ID to route tasks to via --agent."
Bind only a narrowly scoped summarization agent and keep the normal OpenClaw approval prompts enabled for any high-impact tools.
A task that points at a private or sensitive URL could cause the user's machine to fetch it and send an analysis result to the service.
The local plugin fetches URLs supplied through tasks and submits derived results back to Prismly, with no artifact-disclosed allowlist, private-network blocking, or URL-scope control.
Process a single task: 1. Claim the task 2. Fetch content from the link URL ... 4. Submit the insight
Only process tasks from trusted Prismly workspaces and ask the publisher to add URL validation, private-network protections, and clear user controls.
Task metadata and account-bound realtime events are handled through Prismly/Supabase infrastructure.
The plugin uses Supabase Realtime with the user's bearer token to receive task events. This is expected for the stated integration, but it is an external provider data flow.
this.client = createClient(env.supabaseUrl, env.supabaseAnonKey, { global: { headers: { Authorization: `Bearer ${accessToken}` } } });
Verify that the Prismly/Supabase endpoints are the expected ones and avoid using custom endpoint environment variables unless you trust them.
Running the script changes local OpenClaw configuration and installs packages from npm.
The optional installer downloads runtime dependencies and modifies the user's OpenClaw plugin configuration. It is scoped and uses --ignore-scripts, but dependency versions are semver ranges and the registry has no install spec.
npm install --production --ignore-scripts ... cfg.plugins.allow.push('prismly'); cfg.plugins.entries.prismly = { enabled: true };
Review install.sh before running it and prefer a pinned, registry-managed install path when available.
