Skill v1.0.1
ClawScan security
MTG Wiki (English) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 8:16 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (an offline MTG knowledge base) matches its instructions, but the package does not include the claimed local data/tools — it tells the agent to clone and run an external GitHub repo and scripts, which is a notable risk and mismatch.
- Guidance: This skill's behavior is coherent for an MTG knowledge assistant, but the package does not include the promised local database and scripts — the README tells you to git clone and run an external GitHub repository. That means installing or running it will fetch and execute third-party code. Before installing or running it:
  1. Inspect the GitHub repository (owner, recent commits, README, and especially the referenced scripts: build_indices.py, card_search.py, rule_search.py, name_translator.py) and confirm there is no unexpected network or exfiltration logic.
  2. Prefer running any build or index steps in a sandboxed environment or VM, with least privilege.
  3. If you want to avoid executing external code, ask the publisher to include a vetted release artifact (a signed or pinned release, or a checksum) or to package the required data in the skill bundle.
  4. Note that no secrets are required by the skill itself, so credential exposure is not an immediate concern, but network calls to external APIs mean user queries could be sent to those services; review their privacy policies if that matters.
  If you cannot audit the external repo, treat this skill as higher risk.
Review Dimensions
- Purpose & Capability
  - note: The skill claims a local ~187-page wiki and a 37,230-card Oracle DB and describes local tools (card_search.py, rule_search.py, name_translator.py). The bundled skill is instruction-only and does not include those files or the database; instead the SKILL.md instructs cloning an external GitHub repo to obtain them. Requesting python3 is appropriate, but the absence of the promised local data in the bundle is an important mismatch.
- Instruction Scope
  - note: Runtime instructions are focused on MTG tasks (reading wiki pages, running local search scripts, citing CR/MTR rules, calling mtgch and Scryfall). They do not ask for unrelated environment variables or secrets. However, they explicitly direct the agent to fetch external code (git clone) and run scripts (e.g., build_indices.py), which expands the runtime scope to arbitrary remote code execution unless the fetched repository is audited.
- Install Mechanism
  - concern: There is no formal install spec in the package. The SKILL.md instructs cloning https://github.com/RaymondYHH/mtg-skill.git and running build scripts from it. Pulling and executing code from an external, third-party GitHub repo is higher-risk than an instruction-only skill that uses only on-platform tools; the repository owner is not verified in the metadata and no pinned release or checksum is provided.
- Credentials
  - ok: The skill declares no required environment variables or credentials. It references public APIs (mtgch.com, api.scryfall.com) which generally do not require user secrets for basic queries. No unrelated credentials or config paths are requested.
- Persistence & Privilege
  - note: The skill is not always-enabled and does not request elevated privileges. It does instruct building local indices and will create files on disk when you run build_indices.py, which is expected for a local knowledge base but is an action that persists data and executes code fetched from the network.
