PRISM OS SDK
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly looks like a financial data SDK, but its documentation also describes signer-based trade execution despite read-only claims.
Review carefully before installing. It is reasonable to use this as a read-only financial data SDK, but do not connect wallets, signers, or autonomous trading flows unless the execute-related code has been independently reviewed and every transaction requires explicit user confirmation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
61/61 vendors reported this skill as clean (no detections).
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding: The skill's architecture documentation describes a live-looking financial transaction path that uses a signer. This is high-impact and is not clearly bounded by explicit user approval or simulation-only behavior.
Evidence: Agent asks: "Buy $1000 of ETH on Base" ... dex.executeSwap(quote, signer) → txHash: 0x..., filled: 0.3087 ETH
Impact: If an agent treats this as available functionality, it could attempt or recommend wallet-backed trades rather than only fetching data.
Recommendation: Use the SDK only for read-only data unless you have independently reviewed the execute-related code and require explicit user approval for any transaction.
Finding: The skill's strong read-only safety claim conflicts with the signer-based swap execution example in the included architecture document, creating under-disclosure risk.
Evidence: **Read-only API** ... **No trading execution** — execute modules are for quote simulation only, not live trades
Impact: A user may trust the skill as data-only while other included documentation points toward transaction execution behavior.
Recommendation: Clarify whether the execution modules are simulation-only in all shipped code, or separate or remove trade-execution documentation from a read-only skill.
Finding: The skill requires a provider API key. This is expected for a financial data service and is disclosed in the skill metadata.
Evidence: **API key required** — set `PRISM_API_KEY` environment variable
Impact: The provider API key may authorize usage that is billed or rate-limited against the user's PRISM account.
Recommendation: Use a scoped PRISM key if available, avoid hardcoding it in shared projects, and rotate it if it is exposed.
Finding: The skill instructs users to install an external npm package. This is normal for an SDK but still introduces package provenance and version-trust considerations.
Evidence: npm install prism-finance-os
Impact: Installing the package runs code from the npm ecosystem in the user's project environment.
Recommendation: Verify the npm package, its repository, and the version before installing, and consider pinning versions in production projects.
Finding: Financial data requests are sent to the PRISM API service. This is expected for the skill's purpose, but it means queries and API-key-authenticated usage go to an external provider.
Evidence: baseUrl: 'https://api.prismapi.ai'
Impact: The provider can observe requested symbols, portfolio-analysis inputs, and usage patterns sent through the API.
Recommendation: Avoid sending confidential portfolios or sensitive trading strategies unless the provider's privacy and data-retention terms are acceptable.
