prism-scanner
Overview
A security scanner for AI Agent skills, plugins, and MCP servers, offering static analysis with taint tracking and residue detection.
Capabilities
- prompt templates
- github integration
- mcp client integration
- workflow automation support
Best For
prism-scanner is a Python security tool for scanning AI Agent skills, plugins, and MCP servers via static analysis and taint detection.
Decision Snapshot
- Install: available
- Usage: available
- Config: 3 strong hints
- Capabilities: 4 key capabilities detected
- GitHub stars: 8
- Forks: 1
- Source provenance count: 1
- Last seen: 3/24/2026
- Published: 3/18/2026
Installation / Setup
pip install prism-scanner
# Scan a local skill directory
prism scan ./my-skill/
# Scan a GitHub repo directly
Usage
pip install prism-scanner
# Scan a local skill directory
prism scan ./my-skill/
# Scan a GitHub repo directly
Features
- **Taint Analysis** — Tracks data flow from sources (env vars, user input) to sinks (shell, network) within each file
- **Zero Dependencies on Target** — Pure static analysis; never executes scanned code
- **Residue Scanner** — Detects persistence mechanisms, shell config pollution, and credential leaks left by uninstalled tools
- **Safe Cleanup** — Three-tier workflow (scan -> plan -> apply) with automatic backup and --rollback
- **Suppression** — Use .prismignore to suppress known findings by rule ID with justification
- **Offline Mode** — Run with --offline to skip all external lookups
Use Cases
- Supports capabilities such as: prompt templates; github integration; mcp client integration.
- Common usage themes: security, scanner, ai-agent, skill.
Supported Clients / Integrations
- prompt templates
- github integration
- mcp client integration
- workflow automation support
Compatibility Signals
- GitHub: supports (Detected in parser config/capability hints.)
Notes / Requirements
- Primary language: Python
- License: Apache-2.0
- Parser coverage score: 1.00
- Source feeds: PyPI RSS + JSON API
- Topic cluster: general
Official Links
Source Information
You can verify all information on this page against the source repository above.
Related MCP Tools
ogulcanaydogan-mcp-security-scanner
A security scanner for Model Context Protocol (MCP) servers, detecting prompt injection, tool poisoning, capability escalation, and rug-pull attacks.
ssh-licco
ssh-licco is an SSH Model Context Protocol Server that enables SSH functionality for AI models.
factorhub-mcp
MCP server for FactorHub, providing China A-share market data for AI agents.
mipiti-mcp
mipiti-mcp is an MCP server for Mipiti, an AI-powered security posture platform, built with Python.