← Back to Skills Marketplace
Prism
by
Jeremy Knows
· GitHub ↗
· v2.1.1
· MIT-0
373
Downloads
0
Stars
2
Active Installs
3
Versions
Install in OpenClaw
/install prism
Description
Use PRISM when: (1) reviewing an architecture decision, security-sensitive change, or major refactor (>500 lines), (2) making a decision you'll live with for...
Usage Guidance
This skill is internally consistent for orchestrating multi-agent code reviews, but it will read your repository files and store review archives under analysis/prism/archive/. Before installing or running: (1) confirm you are comfortable with an automated process reading and quoting files from your workspace (sensitive secrets in repo files could end up in findings), (2) inspect or create the referenced completion script (~/.openclaw/scripts/sub-agent-complete.sh) so you know what 'completion' does and whether it triggers any network callbacks, (3) review the README/git-clone source (https://github.com/jeremyknows/PRISM.git) if you want the canonical implementation, and (4) consider retention: PRISM archives reviews by default—ensure that archive retention policies meet your data-sensitivity requirements. If any of the above is unacceptable (exposing secrets, automatic callbacks), restrict the skill's access or run it in a controlled sandbox.
Capability Analysis
Type: OpenClaw Skill
Name: prism
Version: 2.1.1
The PRISM skill bundle implements a multi-agent review protocol that uses sub-agents to perform adversarial analysis on code and architecture. While the logic is aligned with its stated purpose, the skill contains a significant prompt-injection vulnerability explicitly acknowledged in the 'Known Limitations' section of SKILL.md: prior review findings are retrieved from a local archive and injected into reviewer prompts without sanitization. This allows a potentially compromised archive file to influence agent behavior. Furthermore, the orchestrator performs broad file system operations and executes shell commands, including a call to a local script (~/.openclaw/scripts/sub-agent-complete.sh), which increases the risk profile in the presence of the injection vulnerability.
Capability Assessment
Purpose & Capability
The skill is a review/orchestration protocol. It only asks to read the workspace, search/archive prior reviews, spawn reviewers, synthesize findings, and save an archive — all expected for a review orchestrator. No unrelated credentials, binaries, or external services are required.
Instruction Scope
The SKILL.md instructs reviewers to read files from the workspace, quote file/line citations, run common shell commands (find, grep, wc, mkdir), and write review archives under analysis/prism/archive/. These actions are consistent with the review purpose but do mean the agent will read and include snippets from repository files in findings (potentially including sensitive content).
Install Mechanism
No install spec or packaged code is included; this is instruction-only. README suggests an optional git clone from a GitHub repo (public, documented). No downloads from untrusted URLs or archives are present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The runtime prompts reference standard workspace paths (e.g., analysis/prism/archive/) and an agent script (~/.openclaw/scripts/sub-agent-complete.sh) which are reasonable for archiving/completion signaling. No unrelated secrets are requested.
Persistence & Privilege
always:false (normal). The skill writes archives into the workspace and calls a local completion script; this is expected for archival/synthesis. Confirm that the completion script and archive path behave as you expect (they could cause network callbacks depending on your environment).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install prism - After installation, invoke the skill by name or use
/prism - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
PRISM v2.1.1 introduces new reference documentation and minor protocol enhancements.
- Added 3 new reference files: `archive-retention-policy.md`, `evidence-rules.md`, and `orchestration.md`
- Improved guidance and metadata in the main skill documentation (SKILL.md) for clarity and maintainability
- No breaking changes to review flows or user commands
v2.0.1
PRISM v2.0.1 is a reviewer/role expansion and documentation update.
- Standard mode now uses 6 reviewers (adds Blast Radius Reviewer).
- Extended mode now starts at 8+ agents (was 7+).
- Mode tables and reviewer role documentation updated to reflect new reviewer counts.
- SKILL-v1.md removed (v1 docs deprecated).
- No protocol logic changes; only documentation and role updates.
v2.0.0
v2.0.0: Adds review memory (prior findings brief), DA structural independence, evidence citation requirements, command-level actionability, Orchestrator Checklist, archive protocol, and 13 bug fixes from 9-agent self-review. Validated across 19 PRISM runs on itself.
Metadata
Frequently Asked Questions
What is Prism?
Use PRISM when: (1) reviewing an architecture decision, security-sensitive change, or major refactor (>500 lines), (2) making a decision you'll live with for... It is an AI Agent Skill for Claude Code / OpenClaw, with 373 downloads so far.
How do I install Prism?
Run "/install prism" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Prism free?
Yes, Prism is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Prism support?
Prism is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Prism?
It is built and maintained by Jeremy Knows (@jeremyknows); the current version is v2.1.1.
More Skills