prism-scanner

Category: Testing & Security | Uploader: aidongise-cell | Downloads: 0 | Version: v1.0（Latest）

Security scanner for AI Agent skills, plugins, and MCP servers. Use when: user asks to scan a skill, check if a plugin is safe, vet an MCP server, review skill security, detect malicious code, supply chain safety, or says 'is this safe to install', 'scan this skill', 'check this MCP server', 'security scan', 'vetting', 'skill safety', 'prism scan', '安全扫描', '这个插件安全吗', '扫描一下', '检查安全性', '安装前检查', '技能审查'.

Changelog: Source: GitHub https://github.com/aidongise-cell/prism-scanner

Directory Structure

Current level: tree/main/

📁 .github/
- 📁 ISSUE_TEMPLATE/
  - 📄 bug_report.yml 1.5 KB
  - 📄 false_negative.yml 1.1 KB
  - 📄 false_positive.yml 1.1 KB
  - 📄 new_rule.yml 1.5 KB
- 📁 workflows/
  - 📄 ci.yml 678 B
  - 📄 example-scan.yml 788 B
  - 📄 prism-scan.yml 345 B
- 📄 PULL_REQUEST_TEMPLATE.md 445 B
📁 examples/
- 📄 clawhub-scan-report.md 5.9 KB
📁 Formula/
- 📄 prism-scanner.rb 999 B
- 📄 README.md 376 B
📁 npm/
- 📁 bin/
  - 📄 prism-scanner.js 1.7 KB
- 📄 package.json 600 B
- 📄 README.md 595 B
📁 reports/
- 📁 clawhub-top100/
  - 📁 scans/
    
    📄 0xartex__token-research.json 412 B
    
    📄 2233admin__api-monitor.json 9.9 KB
    
    📄 aadipapp__mac-power-tools.json 418 B
    
    📄 adlai88__polymarket-elon-tweets.json 60.1 KB
    
    📄 ajarmoszuk__crypton-esim.json 36.9 KB
    
    📄 alti-systems__kling.json 400 B
    
    📄 anmolnagpal__terraform-ai-skills.json 439 B
    
    📄 arthuronai__ai-layoff-radar.json 41.2 KB
    
    📄 autogame-17__feishu-broadcast.json 430 B
    
    📄 awsome-o__grafana-lens.json 5.3 KB
    
    📄 beee003__q-kdb-code-review.json 13.3 KB
    
    📄 blackeight4752__doubao-ata-subtitle.json 17.8 KB
    
    📄 brennerspear__system-watchdog.json 430 B
    
    📄 c-drew__telegram-usage.json 409 B
    
    📄 cassh100k__soulkeeper.json 21.1 KB
    
    📄 chaunceyliu__trade-with-aiusd.json 1.8 KB
    
    📄 chyher__team-discuss.json 1.2 KB
    
    📄 claudiodrusus__skill-4.json 409 B
    
    📄 cp7553479__seedream-image-generation.json 5.0 KB
    
    📄 dagangtj__ai-economic-tracker.json 9.2 KB
    
    📄 dashiming__godot-bridge.json 412 B
    
    📄 dhardie__llm-supervisor.json 412 B
    
    📄 dongsheng123132__mac-ai-optimizer.json 442 B
    
    📄 duyeng__intercom-conversations.json 433 B
    
    📄 eisimo__agentic-letters.json 11.5 KB
    
    📄 ethersuite__moltmail-ethermail.json 1.2 KB
    
    📄 feiyang2007__360-search.json 3.2 KB
    
    📄 franky0617__etf-assistant.json 418 B
    
    📄 georges91560__security-sentinel-skill.json 454 B
    
    📄 griffithkk3-del__lark-wiki-writer.json 21.2 KB
    
    📄 haiyangchenbj__invassistant.json 130.1 KB
    
    📄 harrierdb__cmc-kline-data-collector.json 2.5 KB
    
    📄 henrino3__heimdall.json 20.0 KB
    
    📄 homeofe__openclaw-ispconfig.json 3.1 KB
    
    📄 hubertsing__conan-weekly-report.json 435 B
    
    📄 idanmann10__startclaw-optimizer.json 2.8 KB
    
    📄 irideas__bobo-context-cleanup.json 430 B
    
    📄 jachian-lee__feishu-doc-reviewer.json 88.1 KB
    
    📄 jason-chew__citrea-claw-skill.json 12.5 KB
    
    📄 jerryops2026-del__xhs-auto-publish.json 445 B
    
    📄 jisuapi__exchange.json 16.0 KB
    
    📄 jisuapi__stockhistory.json 7.7 KB
    
    📄 johnjerry8749__weather-py.json 60.9 KB
    
    📄 jrojas537__flight-pricer.json 4.8 KB
    
    📄 kapishdima__dtek-light.json 1.1 KB
    
    📄 keylimesoda__tommy-monitoring-dashboard.json 460 B
    
    📄 koolninad__uid-life.json 400 B
    
    📄 larryfang__em-intel.json 83.9 KB
    
    📄 leongfans__skillforge-discovery.json 436 B
    
    📄 lilianzhu__zadig.json 1.9 KB
    
    📄 logesh2496__spaces.json 24.8 KB
    
    📄 lucaszh7__auto-authenticator-local.json 7.9 KB
    
    📄 machunlin__video-merger.json 412 B
    
    📄 manuelcorpas__equity-scorer.json 14.2 KB
    
    📄 maverick-software__safe-update-merge.json 451 B
    
    📄 mig6671__phoenix-shield.json 412 B
    
    📄 mookim-eth__xclaw-skill.json 412 B
    
    📄 mosonchan2023__docker-compose-manager.json 453 B
    
    📄 mosonchan2023__polymarket-copy-trade-bot.json 462 B
    
    📄 mosonchan2023__stock-screener.json 429 B
    
    📄 muguozi1__evolver-1-17-1.json 416 B
    
    📄 neal-collab__auto-whisper-safe.json 432 B
    
    📄 night556__feishu-doc-exporter.json 430 B
    
    📄 numba1ne__nft-skill.json 400 B
    
    📄 omaression__advanced-dispatcher-skill.json 7.8 KB
    
    📄 otman-ai__tikto-automation.json 11.0 KB
    
    📄 paulpreibisch__agentvibes-clawbot-tts.json 2.1 KB
    
    📄 pitertxus__openclaw-memory-pensieve-algorand.json 154.6 KB
    
    📄 puppetcat-fire__secure-p2p-messenger-real.json 466 B
    
    📄 qqliaoxin__comfyui-api.json 31.9 KB
    
    📄 rcholic__predicate-snapshot.json 424 B
    
    📄 riffvibe__vibemate.json 397 B
    
    📄 rsquaredsolutions2026__payrail402.json 442 B
    
    📄 sakurako-irs__clawreceipt.json 1.8 KB
    
    📄 scccmsd__custom-smtp-sender.json 1.3 KB
    
    📄 shaharsha__google-search-grounding.json 11.7 KB
    
    📄 shiiyyo__github-manager.json 412 B
    
    📄 sinabs__ifind-data.json 397 B
    
    📄 sonyrw__workspace-main.json 1.9 KB
    
    📄 stj001__sensitive-data-masker.json 23.8 KB
    
    📄 sunjian__weryai-video.json 406 B
    
    📄 supere989__vectorguard-nano.json 424 B
    
    📄 tariqsumatri82__a2a-market-1-1-0.json 19.9 KB
    
    📄 thesethrose__apple-docs.json 412 B
    
    📄 thu-nmrc__zeelin-social-watch.json 12.3 KB
    
    📄 tyzzt__wsl-powershell-full.json 421 B
    
    📄 uxbryan__spotplay.json 12.4 KB
    
    📄 viktorbjorn__clawhub-search-verify.json 445 B
    
    📄 wangwu-30__neo-market.json 406 B
    
    📄 wen-si__croskill.json 3.4 KB
    
    📄 windy-001-crypto__data-harvester-v2.json 1.8 KB
    
    📄 xaiohuangningde__doc-handler.json 2.1 KB
    
    📄 xqw1377-prog__musk-insider-pro.json 11.9 KB
    
    📄 xuzhiwei0217-doctor__automation-workflow.json 463 B
    
    📄 yipintangzsp__amazon-ppc-optimizer.json 444 B
    
    📄 yipintangzsp__weibo-trending-bot.json 439 B
    
    📄 youpele52__stock-fundamentals.json 34.4 KB
    
    📄 zedit42__arena-system.json 406 B
    
    📄 zhaog100__hacker-news-surfer.json 426 B
  - 📄 _aggregate_stats.json 28.4 KB
  - 📄 ClawHub-Top100-Security-Report.md 7.4 KB
  - 📄 README.md 1.4 KB
📁 rules/
- 📄 malicious_signatures.yaml 4.4 KB
- 📄 permissions.yaml 3.6 KB
- 📄 suspicious_domains.yaml 1.5 KB
📁 src/
- 📁 prism/
  - 📁 engines/
    
    📄 __init__.py 0 B
    
    📄 ast_engine.py 34.9 KB
    
    📄 manifest_engine.py 32.6 KB
    
    📄 pattern_engine.py 30.8 KB
    
    📄 residue_engine.py 18.2 KB
    
    📄 taint.py 7.2 KB
  - 📁 rules/
    
    📄 malicious_signatures.yaml 4.5 KB
    
    📄 permissions.yaml 3.6 KB
    
    📄 suspicious_domains.yaml 1.5 KB
  - 📄 __init__.py 108 B
  - 📄 __main__.py 35 B
  - 📄 cleaner.py 9.3 KB
  - 📄 cli.py 12.3 KB
  - 📄 fetcher.py 2.7 KB
  - 📄 mcp_server.py 10.2 KB
  - 📄 models.py 3.2 KB
  - 📄 report.py 14.5 KB
  - 📄 rules_loader.py 1.5 KB
  - 📄 scanner.py 4.4 KB
  - 📄 scoring.py 3.1 KB
  - 📄 suppression.py 1.7 KB
📁 tests/
- 📁 fixtures/
  - 📁 malicious_skill/
    
    📄 evil_skill.py 1.6 KB
    
    📄 package.json 213 B
- 📄 test_scanner.py 43.8 KB
📄 .dockerignore 94 B
📄 .gitignore 291 B
📄 2026-03-31-README.md 20.9 KB
📄 action.yml 4.0 KB
📄 CHANGELOG.md 6.2 KB
📄 CODE_OF_CONDUCT.md 1.4 KB
📄 CONTRIBUTING.md 6.6 KB
📄 docker-compose.yml 131 B
📄 Dockerfile 361 B
📄 LICENSE 11.0 KB
📄 pyproject.toml 1.6 KB
📄 README.md 13.9 KB
📄 SECURITY.md 4.2 KB
📄 server.json 586 B
📄 skill.json 800 B
📄 SKILL.md 3.5 KB

SKILL.md

---
name: prism-scanner
version: 0.1.0
description: "Security scanner for AI Agent skills, plugins, and MCP servers. Use when: user asks to scan a skill, check if a plugin is safe, vet an MCP server, review skill security, detect malicious code, supply chain safety, or says 'is this safe to install', 'scan this skill', 'check this MCP server', 'security scan', 'vetting', 'skill safety', 'prism scan', '安全扫描', '这个插件安全吗', '扫描一下', '检查安全性', '安装前检查', '技能审查'."
author: prismlab
category: Security
allowed-tools: Read, Grep, Glob, Bash
---

# Prism Scanner — Agent Security Scanner

You are a security analyst using Prism Scanner to detect malicious code and security risks in AI Agent skills, plugins, and MCP servers.

## When to Use

- User wants to **install a new skill** and needs a safety check
- User asks "is this skill/plugin/MCP server safe?"
- User wants to **scan a directory, repo, or package** for security risks
- User mentions **supply chain security** for agent extensions
- User wants to **clean up system residue** left by uninstalled skills
- Before installing any skill from ClawHub, GitHub, npm, or PyPI

## Prerequisites

Prism Scanner must be installed. If not available, install it:

```bash
pip install prism-scanner
```

Verify installation:
```bash
prism --version
```

## Usage

### Scan a local skill/plugin

```bash
prism scan <path-to-skill>
```

### Scan a GitHub repository

```bash
prism scan <github-url>
```

### Scan with specific platform detection

```bash
prism scan <target> --platform clawhub|mcp|npm|pip
```

### Get machine-readable output

```bash
prism scan <target> --format json
```

### Generate HTML report

```bash
prism scan <target> --format html -o report.html
```

### System residue cleanup (post-uninstall)

```bash
prism clean --scan     # Report leftover files
prism clean --plan     # Show cleanup plan
prism clean --apply    # Execute cleanup with backups
```

### CI/CD integration

```bash
prism scan <target> --format sarif -o results.sarif --fail-on high
```

## Understanding Results

Prism assigns a grade from A to F:

| Grade | Meaning | Action |
|:-----:|---------|--------|
| **A** | Safe — no findings or INFO only | Safe to use |
| **B** | Notice — LOW findings only | Likely safe, minor observations |
| **C** | Caution — 1-4 MEDIUM findings | Review before use |
| **D** | Danger — HIGH findings | Use in sandbox only |
| **F** | Critical — CRITICAL findings | **Do not install** |

## Detection Coverage

Prism runs 39+ detection rules across 3 layers:

1. **Code Behavior (S1-S14)**: Shell execution, data exfiltration, persistence, taint tracking
2. **Metadata (M1-M6, P1-P9)**: Typo-squatting, hardcoded credentials, obfuscated code, malicious signatures
3. **System Residue (R1-R10)**: LaunchAgents, crontab pollution, shell config modifications

## Workflow

When the user asks to check a skill's safety:

1. Determine the target (local path, GitHub URL, or package name)
2. Run `prism scan <target> --format json`
3. Parse the JSON output
4. Present the grade, findings summary, and recommendation
5. If grade is D or F, **strongly warn** the user not to install
6. If grade is C, advise reviewing specific findings before proceeding
7. If grade is A or B, confirm it's safe with a brief summary

When the user wants to clean up after uninstalling a skill:

1. Run `prism clean --scan` to detect residue
2. Show the user what was found
3. If cleanup is desired, run `prism clean --plan` then `prism clean --apply`

Comments 0

Latest | Hot

Please login before commenting.

Loading comments...