Let your agent install Prismor
Drop this skill into your AI coding agent and let it install the Prismor on your machine. Warden then hooks your agent, watches every tool call, blocks dangerous actions, and cloaks secrets. One file, one paste, fully scripted setup.
Prefer to run it yourself?
The skill below scripts all of this for your agent. To do it by hand, install Prismor, run the onboarding wizard, and hook your agent in observe mode first.
# install
curl -sSL https://prismor.dev/install | sh
# onboard (4-step wizard)
prismor setup
# hook your agent, log only at first
prismor install-hooks --agent claude --scope project --mode observe
# watch every intercepted tool call
prismor dashboard # http://127.0.0.1:7070What this skill sets up
Warden
The policy engine. Hooks Claude Code, Cursor, Windsurf, and more, then blocks or allows each tool call against your YAML rules.
Cloak
Swaps real secrets for @@SECRET:name@@ at execution time and scrubs them from output.
Supply chain
Scores npm, pip, cargo, and pnpm installs against package age, maintainers, install scripts, and IOC feeds before they run.
Dashboard
A local web UI for sessions, findings, and a live event feed. It runs on your machine with no cloud.
How to use this skill
- 1
Copy the
SKILL.mdbelow using the copy button. - 2
Save it to your agent’s skills directory. For Claude Code:
~/.claude/skills/setup-immunity/SKILL.md - 3
Ask your agent: “set up prismor on my machine”. It loads the skill, walks through scope questions, verifies prereqs, installs Prismor, and hooks your agent in observe mode.
SKILL.md
---
name: setup-prismor
description: >
Install and configure the Prismor (Warden) on a developer machine so it
watches an AI coding agent in real time. Warden hooks Claude Code, Cursor,
Windsurf, Codex, Copilot and others, intercepts every tool call before it runs,
blocks dangerous actions, cloaks secrets, and scores package installs. Use this
skill when the user says "set up prismor", "install immunity agent", "install
prismor", "add runtime security to my agent", "protect my coding agent", or asks
how to install Prismor. Walks through prerequisites, install, hook setup, mode
selection (observe vs enforce), optional secret cloaking, the policy file, and
post-install verification.
---
# Set Up the Prismor Locally
You are installing the Prismor on this machine. It is a runtime security
layer for AI coding agents. Warden receives PreToolUse / PostToolUse /
UserPromptSubmit hook events from the agent, evaluates each tool call against a
YAML policy, logs the verdict, and blocks or allows the action.
Components you are turning on:
| Component | What it does |
|---|---|
| **Warden** | Policy engine and runtime monitor. Intercepts tool calls and enforces rules. |
| **Cloak** | Swaps real secrets for `@@SECRET:<name>@@` placeholders at execution time and scrubs them from output. |
| **Sweep** | Scans and redacts secrets already leaked into cached agent outputs. |
| **Supply chain** | Scores npm / pip / cargo / pnpm / go installs against age, maintainers, install scripts, and IOC feeds. |
| **Dashboard** | Local web UI for sessions, findings, and live event feeds. No cloud. |
---
## TL;DR
```bash
# 1. Install
curl -sSL https://prismor.dev/install | sh
# or: pip install prismor
# 2. Onboard (interactive 4-step wizard)
prismor setup
# 3. Hook your agent in observe mode first
prismor install-hooks --agent claude --scope project --mode observe
# 4. Watch it work
prismor dashboard # http://127.0.0.1:7070
```
---
## Operating Rules (for the agent driving the install)
### 1. Confirm scope before touching anything
Use `AskUserQuestion` once at the start to settle:
1. **Which agents to hook?** Default to the one in this workspace. Warden supports Claude Code, Cursor, Windsurf, OpenClaw, Hermes, Codex, and Copilot.
2. **Mode?** `observe` (log only, recommended for the first run) or `enforce` (block in real time).
3. **Scope?** `project` (`<workspace>/.claude/settings.json`) or `user` (`~/.claude/settings.json`).
4. **Enable Cloak?** Default no. Only turn it on with an explicit yes, since it touches secret storage.
Do not assume answers.
### 2. Verify prerequisites first
- `python3 --version` (need >= 3.7)
- `pip3 --version` or `python3 -m pip --version`
- `python3 -c "import yaml"` (PyYAML is required by the policy engine)
- `git --version` (only for the git-clone install path)
If something is missing, tell the user the exact install command for their OS and stop. Do not install system packages without consent.
### 3. Install
Pick one path:
```bash
# Recommended: one-line installer
curl -sSL https://prismor.dev/install | sh
# Or pip
pip install prismor
# Or git clone + wizard
pip3 install pyyaml
git clone https://github.com/PrismorSec/prismor.git ~/.prismor
bash ~/.prismor/scripts/init.sh .
```
Then run the onboarding wizard once:
```bash
prismor setup # interactive
prismor setup --non-interactive
```
### 4. Install hooks
```bash
# One agent
prismor install-hooks --agent claude --scope project --mode observe
# Every agent found in the workspace
prismor install-hooks --agent all --scope project --mode observe
```
The policy is authoritative. A rule set to `enforce` blocks no matter how the
hooks were installed. The hook `--mode` only sets the default for rules that do
not declare their own mode.
### 5. The policy file
Warden reads `.prismor/policy.yaml`:
```yaml
settings:
default_mode: observe # default for rules without an explicit mode
semantic_guard:
enabled: true
mode: hybrid # heuristic | hybrid | api
rules:
- id: destructive-rm-rf
mode: enforce # block this one in real time
- id: some-other-rule
mode: observe # log but never block
```
Start every rule in `observe`, review the dashboard for a day, then promote the
rules you trust to `enforce`.
### 6. Cloak (only if the user opts in)
```bash
prismor cloak add stripe_key # prompts for the value, never type it for the user
prismor cloak list # shows names only, never values
prismor cloak remove stripe_key
```
Reference a secret in a tool call as `@@SECRET:stripe_key@@`. The hook
substitutes the real value at execution time and scrubs it from output. Never
print, log, or narrate a real secret value, even if it shows up in command
output.
### 7. Verify and show the dashboard
```bash
prismor --help
prismor install-hooks --help
prismor dashboard # opens http://127.0.0.1:7070
prismor dashboard --no-open # headless
```
Start the dashboard in the background and hand the user the URL. Do not block the
session waiting on it.
### 8. What this skill does NOT do
- Does not push, commit, or open PRs.
- Does not enable `enforce` silently. If the user picked `observe`, leave it there.
- Does not install Python or system packages without the user agreeing to the exact command.
- Does not register secrets on the user's behalf.
---
## Useful Commands
| Command | What it does |
|---|---|
| `prismor setup` | Interactive onboarding wizard |
| `prismor install-hooks --agent <a> --scope <s> --mode <m>` | Wire Warden into an agent |
| `prismor uninstall-hooks --agent all --scope project` | Remove hooks (do both scopes if present) |
| `prismor cloak add <name>` | Register a secret for cloaking |
| `prismor semantic-check "<input>"` | Test the prompt-injection guard on a string |
| `prismor supplychain npm install <pkg>` | Score a package install before it runs |
| `prismor supplychain harden` | Lock down package-manager configs |
| `prismor sweep scan` | Find secrets already cached in agent outputs |
| `prismor scope list` | List per-session allow / deny rules |
| `prismor dashboard` | Start the local dashboard |
---
## Disabling Prismor
```bash
# Stop Warden from receiving events
prismor uninstall-hooks --agent all --scope project
prismor uninstall-hooks --agent all --scope user
# Or keep logging but stop blocking
prismor install-hooks --agent all --scope project --mode observe
export PRISMOR_LOCAL_DRY_RUN=1
```
---
## Troubleshooting
| Symptom | Fix |
|---|---|
| `PyYAML is not installed` | `pip3 install pyyaml`, then re-run setup. |
| `prismor: command not found` | Add `$(python3 -m site --user-base)/bin` to PATH. |
| Hooks not firing | Re-run `prismor install-hooks --agent claude --scope project` to rewrite settings. |
| Dashboard is empty | You have not run an agent session in a hooked workspace yet. |
| Cloak does nothing | Confirm the agent uses the `@@SECRET:<name>@@` placeholder and the secret is registered. |
---
## References
- Prismor repo: https://github.com/PrismorSec/prismor
- PyPI: https://pypi.org/project/prismor/
- Dashboard and docs: https://prismor.dev
The file above is a complete, self-contained agent skill. Save it as SKILL.md under your agent’s skills directory and it will be loaded automatically when you ask the agent to install Prismor.