Releases: aidongise-cell/prism-scanner
v0.2.2 — CLI version string fix
What's fixed
`prism --version` now correctly reports `Prism Scanner v0.2.2`. The v0.2.1 release shipped with `cli.py` still hardcoding `VERSION = "0.1.3"`, causing a confusing version mismatch after `pip install -U prism-scanner`.
What's NOT changed
This is a cosmetic-only patch. Detection rules, engine behavior, and performance are 100% identical to v0.2.1. If you've already upgraded to v0.2.1 and don't care about the version banner, you don't need to upgrade.
Recap: what's new in the v0.2.x line (since v0.1.3)
If you're coming from v0.1.x, here's what you get:
- P10 — Agent psychological manipulation detection: gaslighting, guilt-tripping, authority impersonation, urgency pressure, emotional coercion. Based on Northeastern/Harvard/MIT research; to our knowledge the first open-source automated detector for this attack class.
- M7 — Publish hygiene checks: source maps, `.env` files, private keys, IDE configs, package-manager credentials. Inspired by Anthropic's April 2026 Claude Code source map leak. Wire it into your CI:

  ```bash
  prism scan ./dist --fail-on high
  ```

- 47–93% fewer false positives on real-world skills (S1, S4, S8, S12 engine fixes; validated against 3 representative ClawHub skills).
- 41 detection rules total across S1–S14 (behavior), M1–M7 (metadata + publish hygiene), P1–P10 (patterns + manipulation), R1–R10 (residue).
Install
```bash
pip install -U prism-scanner
prism --version # → Prism Scanner v0.2.2
```
Full changelog
v0.2.1: False Positive Reduction
What's Changed
Systematic false positive reduction validated against real ClawHub skills. This is a quality-only release — no new detection rules, only existing rules made more accurate.
Key Improvements
| Fix | Before | After |
|---|---|---|
| S1 `uvicorn.run()`/`asyncio.run()` misfire | Flagged as shell exec | Requires `subprocess.`/`os.` prefix |
| S12 `path.open("rb")` misfire | Flagged as deserialization | Only fires on `pickle.`/`yaml.`/`marshal.`/`shelve.` |
| P5 MAL-010/011/012 cross-file matching | Whole-file multiline → CRITICAL | Same-line proximity matching |
| P3 regex escapes / magic bytes | `[\x00-\x1f]` in regex flagged | Regex context & binary headers excluded |
| P4 version numbers / doc IPs | `4.1.6.14` flagged as IP | Version context & RFC 5737 IPs filtered |
| S5 config env vars noise | 59 LOW findings for config vars | Non-sensitive → INFO (no grade impact) |
| M7 `core/` directory | Python package dir flagged as core dump | Directories skipped |
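
The P4 row above, as an added Python sketch (not Prism Scanner's own code): a dotted-quad detector that skips RFC 5737 documentation ranges and values preceded by version context. The regexes, the `find_hardcoded_ips` name, the definition of "version context", and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 5737 documentation ranges (TEST-NET-1/2/3): reserved for examples.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Four dot-separated groups, not embedded in a longer dotted number.
DOTTED_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")

# Assumed "version context": text immediately before the match ends with a
# version keyword, a two-character dependency specifier (==, >=, ~=, ...),
# or a bare "v" prefix. A plain "=" assignment is deliberately NOT enough.
VERSION_CONTEXT = re.compile(
    r"(?:version\w*\s*[:=]*\s*|[=<>~!]=\s*|\bv)[\"']?$", re.I)

# Constructed sample input, one case per line.
SAMPLE = '''\
__version__ = "4.1.6.14"
somepkg==4.1.6.14
DOCS_EXAMPLE = "http://203.0.113.7/upload"
ENDPOINT = "http://10.20.30.40/collect"
'''


def find_hardcoded_ips(text):
    """Return [(line_number, ip)] for dotted quads that survive both filters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in DOTTED_QUAD.finditer(line):
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # not a valid IPv4 address, e.g. an octet > 255
            if any(ip in net for net in DOC_NETS):
                continue  # documentation address, not a real endpoint
            if VERSION_CONTEXT.search(line[:m.start()]):
                continue  # looks like a four-part version number
            findings.append((lineno, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, ip in find_hardcoded_ips(SAMPLE):
        print(f"line {lineno}: hardcoded IP {ip}")
```

The same string `4.1.6.14` is still reported when it is assigned without version context, which is the true-positive case a filter like this has to preserve.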
Validation on Real Skills
| Skill | v0.1.3 | v0.2.1 | Reduction | Grade |
|---|---|---|---|---|
| pitertxus/pensieve (blockchain) | 211 findings | 18 | -91% | F → D |
| haiyangchenbj/invassistant (finance) | 179 findings | 12 | -93% | F → D |
| larryfang/em-intel (engineering) | 118 findings | 62 | -47% | F → F* |
*em-intel remains F due to a genuine data exfiltration chain correctly identified by the scanner.
Testing
97 tests, all passing. 9 new regression tests for FP/TP coverage.
Full Changelog: https://github.com/aidongise-cell/prism-scanner/blob/main/CHANGELOG.md
v0.1.0 — Initial Release
🔷 Prism Scanner v0.1.0
Security scanner for AI Agent skills, plugins, and MCP servers.
Highlights
- 39 detection rules across 3 analysis layers:
  - Code Behavior (S1-S14): Shell execution, data exfiltration, SSRF, persistence, unsafe deserialization, download-and-execute
  - Metadata (M1-M6, P1-P9): Hardcoded credentials, typo-squatting, obfuscated payloads, prompt injection
  - System Residue (R1-R10): LaunchAgents, crontab, shell config pollution, credential leaks
- Lightweight taint analysis — tracks source-to-sink data flows within each file
- Letter-grade risk assessment (A-F) with transparent scoring logic
- 4 output formats: Terminal (rich), JSON, HTML, SARIF (GitHub Code Scanning)
- Remote scanning via `git clone` with depth/size limits
- Multi-platform: ClawHub, MCP, npm, pip
- Residue cleanup: `scan` → `plan` → `apply` → `rollback`
- CI/CD ready: `--fail-on` severity gating + GitHub Action
- MCP Server mode: expose scanning tools to AI assistants
- Offline mode: `--offline` for air-gapped environments
- 67 automated tests covering all engines, scoring, and CLI
Install
```bash
pip install prism-scanner
```