scryfall-cards
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a narrow Scryfall search helper for Magic card data, with no evidence of hidden persistence, credential use, destructive actions, or unrelated access.
Before installing, expect the skill to send your card names or search queries to Scryfall over the network. It does not appear to need credentials or privileged local access, but you should review the search script if you have strict privacy requirements around query disclosure.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.