scryfall-card
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 1 The skill bundle is benign. The `SKILL.md` provides clear, non-malicious instructions for an AI agent to interact with the Scryfall API. The `scripts/scryfall_search.py` script uses standard Python libraries (`urllib.request`, `json`) to make HTTP GET requests exclusively to `https://api.scryfall.com`, implementing rate limiting and error handling. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection attempts against the agent, or obfuscation. All files are aligned with the stated purpose of searching Magic: The Gathering card data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Card names and search queries may be sent to Scryfall when the skill is used.
The helper script sends user search terms to the Scryfall API. This is expected for the skill's purpose and uses a fixed public API host.
BASE_URL = "https://api.scryfall.com" ... url = f"{BASE_URL}/cards/search?{params}" ... return make_request(url)Use normally for MTG card lookups; avoid entering unrelated private information into card search queries.