Game of Cards
PassAudited by ClawScan on May 16, 2026.
Overview
The skill is coherent for local Game of Cards workflow management, but it lets the agent run a bundled card-management tool and automatic workflow reminders, so install it only where you want that behavior.
Install this if you want OpenClaw to manage a local Game of Cards deck and nudge the agent toward that workflow. Before use, confirm Python 3.10+ is on PATH, run it only in intended workspaces, and review any `.game-of-cards/hooks/` files and resulting deck or commit changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can update local GoC deck state when it decides the workflow calls for it.
The model-invokable tool exposes the bundled CLI broadly, including mutable deck operations and a selectable working directory. This is aligned with the skill purpose but is still meaningful local authority.
`goc` | Files, advances, decides on, or closes cards in `.game-of-cards/deck/`. Wraps every goc CLI verb behind one typed function call: `verb`, `args[]`, optional `flags`, optional `cwd`.
Use the plugin in repositories where you want agent-managed card workflows, and review deck changes or commits before relying on them.
The agent may prioritize deck-first workflow steps even when the user gives a general work prompt.
The plugin intentionally modifies the agent's context during lifecycle hooks to encourage the GoC workflow. This is disclosed and purpose-aligned, but it can steer agent behavior.
`before_prompt_build` | deck-first reminder | Detects work-initiating prompts; appends a deck-first reminder to system context
Keep the plugin enabled only for workspaces where GoC reminders are desired; disable it if you want unmodified agent behavior.
A repository can shape how the agent performs deck hygiene when this skill runs.
A project-local Markdown hook can be loaded into the skill's working context and influence the refinement workflow. This is a legitimate extension mechanism, but untrusted repository content could affect agent instructions.
`cat .game-of-cards/hooks/refine-deck.md 2>/dev/null || true` ... The consuming repo may extend this hygiene flow via `.game-of-cards/hooks/refine-deck.md`
Review `.game-of-cards/hooks/*.md` files in unfamiliar repositories and treat them as project configuration, not unquestionable authority.
The skill may fail or use the first `python3` found on PATH if the host does not have the expected Python version.
The skill discloses a Python runtime dependency, while the registry metadata lists no required binaries. This is not hidden behavior, but it means the registry contract may not enforce the prerequisite.
The bundled engine under `openclaw-plugin/goc/` ... the only host prerequisite is `python3` (3.10+).
Confirm `python3 --version` is 3.10 or newer before relying on the plugin.