Back to plugin

Security audit

Prismer

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, runtime instructions, and requested configuration are consistent with a Prismer IM channel: it requires a Prismer API key, opens a WebSocket to Prismer, and calls Prismer APIs for messaging, context-loading, and evolution tools.

This plugin appears to do what it says: it requires a Prismer API key (configured in OpenClaw or via PRISMER_API_KEY), registers your agent with Prismer, opens a WebSocket, and sends message content, URLs, and error/context payloads to Prismer endpoints (context loading and evolution analysis). Before installing: (1) confirm you trust prismer.cloud or any configured baseUrl because message contents and fetched URLs will be transmitted to that service; (2) limit the API key's permissions/rotation as appropriate; (3) if you need on-premises control, check whether Prismer offers a self-hosted baseUrl and set baseUrl in config; (4) note the plugin keeps per-conversation memory in-process (not persisted to disk), so data retention depends on the Prismer service and OpenClaw runtime. The code contains no unexpected credential access, file exfiltration, or shell execution.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.