Prism Scanner
@aidongise-cell
About Prism Scanner
Security scanner for AI Agent skills, plugins, and MCP servers. 39+ detection rules with AST taint tracking, A-F grading, and post-uninstall residue cleanup.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"prism-scanner": {
"command": "npx",
"args": [
"prism-scanner",
"scan",
"https://github.com/user/skill-repo"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Prism Scanner?
Prism Scanner is a security scanner for AI Agent skills, plugins, and MCP servers. It analyzes code for malicious behavior before installation and checks for leftover threats after uninstallation, covering pre‑install, runtime, and post‑uninstall phases across platforms including ClawHub, MCP, npm, and pip. It is designed for developers and security professionals who need code‑level transparency and open‑source tooling.
How to use Prism Scanner?
Install via pip install prism-scanner, Homebrew, npx prism-scanner, or Docker. Use the CLI commands prism scan <target> to scan a local directory or GitHub repo, and prism clean --scan, prism clean --plan, or prism clean --apply for system residue management. It can also run as an MCP server exposing four tools (prism_scan, prism_grade, prism_clean_scan, prism_clean_plan) for integration with AI assistants.
Key features of Prism Scanner
- 39 detection rules across three analysis layers
- Intra‑file taint tracking for data flow analysis
- Multi‑platform support (ClawHub, MCP, npm, pip)
- Pure static analysis; never executes scanned code
- System residue scanner for post‑uninstall persistence checks
- Safe cleanup with plan‑apply‑rollback workflow
- Custom detection rules via YAML files
- Offline mode to skip all external lookups
Use cases of Prism Scanner
- Pre‑install security audit of an AI agent skill or plugin
- Post‑uninstall system residue and persistence detection
- CI/CD gating to block deployments with critical findings
- Generating SARIF reports for GitHub Code Scanning integration
FAQ from Prism Scanner
How is Prism Scanner different from marketplace trust scores?
Prism provides deep code analysis with rule‑by‑rule transparency instead of a black‑box reputation score. It covers pre‑install and post‑uninstall phases, works across multiple platforms, and is fully open source (Apache 2.0).
What are the runtime requirements?
Python 3.10+ is required. The scanner has zero dependencies on the target code — it performs pure static analysis and never executes the scanned skill or plugin. It can run locally, offline.
Does Prism Scanner support custom detection rules?
Yes. Detection rules are defined in YAML files under the rules/ directory (e.g., malicious_signatures.yaml, permissions.yaml, suspicious_domains.yaml). Adding entries extends detection without modifying Python code.
How does the cleanup workflow work?
It uses a three‑tier workflow: prism clean --scan lists findings, prism clean --plan generates a non‑destructive cleanup plan, and prism clean --apply executes cleanup with automatic backups (supports --rollback).
What output formats are available?
Rich terminal output by default, plus JSON, standalone HTML, and SARIF format for GitHub Code Scanning integration. Use --format and -o flags to specify.
More Other MCP servers
Activepieces
activepiecesAI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
ICSS
chokcoco不止于 CSS
MCP Registry
modelcontextprotocolA community driven registry service for Model Context Protocol (MCP) servers.
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
Inbox Zero AI MCP
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
Comments