Prism Scanner
@aidongise-cell
Prism Scanner について
Security scanner for AI Agent skills, plugins, and MCP servers. 39+ detection rules with AST taint tracking, A-F grading, and post-uninstall residue cleanup.
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"prism-scanner": {
"command": "npx",
"args": [
"prism-scanner",
"scan",
"https://github.com/user/skill-repo"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Prism Scanner?
Prism Scanner is a security scanner for AI Agent skills, plugins, and MCP servers. It analyzes code for malicious behavior before installation and checks for leftover threats after uninstallation, covering pre‑install, runtime, and post‑uninstall phases across platforms including ClawHub, MCP, npm, and pip. It is designed for developers and security professionals who need code‑level transparency and open‑source tooling.
How to use Prism Scanner?
Install via pip install prism-scanner, Homebrew, npx prism-scanner, or Docker. Use the CLI commands prism scan <target> to scan a local directory or GitHub repo, and prism clean --scan, prism clean --plan, or prism clean --apply for system residue management. It can also run as an MCP server exposing four tools (prism_scan, prism_grade, prism_clean_scan, prism_clean_plan) for integration with AI assistants.
Key features of Prism Scanner
- 39 detection rules across three analysis layers
- Intra‑file taint tracking for data flow analysis
- Multi‑platform support (ClawHub, MCP, npm, pip)
- Pure static analysis; never executes scanned code
- System residue scanner for post‑uninstall persistence checks
- Safe cleanup with plan‑apply‑rollback workflow
- Custom detection rules via YAML files
- Offline mode to skip all external lookups
Use cases of Prism Scanner
- Pre‑install security audit of an AI agent skill or plugin
- Post‑uninstall system residue and persistence detection
- CI/CD gating to block deployments with critical findings
- Generating SARIF reports for GitHub Code Scanning integration
FAQ from Prism Scanner
How is Prism Scanner different from marketplace trust scores?
Prism provides deep code analysis with rule‑by‑rule transparency instead of a black‑box reputation score. It covers pre‑install and post‑uninstall phases, works across multiple platforms, and is fully open source (Apache 2.0).
What are the runtime requirements?
Python 3.10+ is required. The scanner has zero dependencies on the target code — it performs pure static analysis and never executes the scanned skill or plugin. It can run locally, offline.
Does Prism Scanner support custom detection rules?
Yes. Detection rules are defined in YAML files under the rules/ directory (e.g., malicious_signatures.yaml, permissions.yaml, suspicious_domains.yaml). Adding entries extends detection without modifying Python code.
How does the cleanup workflow work?
It uses a three‑tier workflow: prism clean --scan lists findings, prism clean --plan generates a non‑destructive cleanup plan, and prism clean --apply executes cleanup with automatic backups (supports --rollback).
What output formats are available?
Rich terminal output by default, plus JSON, standalone HTML, and SARIF format for GitHub Code Scanning integration. Use --format and -o flags to specify.
「その他」の他のコンテンツ
Maestro
mobile-dev-incPainless E2E Automation for Mobile and Web
AutoBrowser MCP
autobrowser-aiBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
🪟 Windows-MCP
CursorTouchMCP Server for Computer Use in Windows
ghidraMCP
LaurieWiredMCP Server for Ghidra
Production-ready MCP integrations for AI applications
Klavis-AIKlavis AI: MCP integration platforms that let AI agents use tools reliably at any scale
コメント