:large_blue_diamond: Prism Scanner

Security scanner for AI Agent skills, plugins, and MCP servers.

Prism analyzes code for malicious behavior before you install it — and checks your system for leftover threats after you uninstall.

Unlike marketplace-only trust scores, Prism gives you full lifecycle coverage with code-level transparency — pre-install, runtime, and post-uninstall — across every platform, completely open source.

:sparkles: What's new in v0.2.x

• P10 — Agent psychological manipulation detection: detects gaslighting, guilt-tripping, authority impersonation, urgency pressure, and emotional coercion patterns embedded in skill descriptions, prompts, and code strings. Based on Northeastern/Harvard/MIT research on conversational manipulation of AI agents — to our knowledge, the first open-source automated detector for this attack class.
• M7 — Publish hygiene checks: catches source maps, .env files, private keys, IDE configs, and package-manager credentials before they ship. Inspired by Anthropic's April 2026 source-map leak that exposed 512K lines of Claude Code internals via npm. Wire it into your CI:

  prism scan ./dist --fail-on high
  

• 47–93% fewer false positives on real-world skills (S1, S4, S8, S12 engine fixes; validated against 3 representative ClawHub skills that previously flooded with false flags).
• 41 detection rules total across S1–S14 (behavior), M1–M7 (metadata + publish hygiene), P1–P10 (patterns + manipulation), and R1–R10 (residue).
• v0.2.2 fixes a cosmetic version-string mismatch (prism --version reported 0.1.3 after upgrading to 0.2.1); detection behavior is identical to v0.2.1.

Why Prism?

| | Marketplace Trust Scores | Prism Scanner | |--------------------|:------------------------:|:-----------------:| | Pre-install | :white_check_mark: Reputation score | :white_check_mark: Deep code analysis | | Post-uninstall | :x: | :white_check_mark: Residue & persistence scan | | Inspection | Black-box rating | Code-level, rule-by-rule | | Platforms | Single ecosystem | ClawHub, MCP, npm, pip | | Source | Closed | Open (Apache 2.0) | | Execution | Requires upload | Local-first, offline OK |

Quick Start

pip install prism-scanner

# Scan a local skill directory
prism scan ./my-skill/

# Scan a GitHub repo directly
prism scan https://github.com/user/skill-repo

# Check your system for agent residue
prism clean --scan

# Generate a cleanup plan (non-destructive)
prism clean --plan

# Execute cleanup with automatic backups
prism clean --apply

Homebrew (macOS)

brew tap prismlab/tools
brew install prism-scanner

npx (no install needed)

npx prism-scanner scan https://github.com/user/skill-repo

GitHub Action (CI/CD)

Add Prism to your CI pipeline — findings appear in GitHub's Security tab:

# .github/workflows/prism-scan.yml
name: Prism Security Scan
on: [push, pull_request]

permissions:
  security-events: write
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aidongise-cell/prism-scanner@mai

... [View full README on GitHub](https://github.com/aidongise-cell/prism-scanner#readme)