Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Surfagent Browser
v1.0.0
Control a real Chrome browser from your AI agent — navigate, click, type, fill forms, extract content, manage tabs, and automate workflows via SurfAgent's RE...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's stated purpose (controlling a real Chrome via the SurfAgent REST API on localhost:7201) matches the API calls documented in SKILL.md. However, the registry metadata lists node as a required binary even though the runtime examples use curl/HTTP; it is unclear why node is required. This mismatch is unexplained and unnecessary for an instruction-only HTTP client.
Instruction Scope
The instructions direct the agent to call a localhost REST API that controls a real Chrome with persistent cookies and sessions. The API includes endpoints for evaluating arbitrary JavaScript (/browser/evaluate), extracting page state and content, filling forms (including credentials), and solving CAPTCHAs. Those actions legitimately belong to a browser-control skill, but they also provide broad access to sensitive user data and the ability to act as the user. SKILL.md does not specify where or how the Bearer token is managed, nor does it constrain use of evaluate(), which can be used to read any page data and exfiltrate it to the agent.
Install Mechanism
Instruction-only skill with no install spec and no code files, which is the lowest-risk install mechanism. Nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables, yet it relies on a Bearer auth token for localhost:7201 calls; SKILL.md does not declare how the agent obtains that token or whether it should be provided via an environment variable. The declared requirement of the node binary is disproportionate given the HTTP-based instructions. The combination of missing token guidance and an unexplained binary requirement is inconsistent.
Persistence & Privilege
The skill is not set to always:true and uses normal autonomous invocation settings. That is appropriate. However, the capability it triggers (control of the user's real Chrome with persistent cookies/sessions) gives the skill a high effective privilege: the ability to access logged-in accounts and perform actions as the user. This is a design-level risk (powerful capability) rather than a metadata misconfiguration.
What to consider before installing
This skill lets an agent control a real Chrome browser on your machine, access logged-in sessions, run arbitrary page JS, fill forms (including credentials), and attempt CAPTCHA solves. Before installing:
1) Verify the SurfAgent daemon's provenance (download source, checksums, signing) and run it only if you trust it.
2) Find out how the Bearer token is issued and stored; do not provide agent or global secrets unless you intend to grant full browser control.
3) Prefer running SurfAgent with a dedicated, isolated Chrome profile (no saved passwords or personal sessions) or in a VM/container to limit exposure.
4) Ask the author why 'node' is required in the metadata; it is not justified by the HTTP-only instructions.
5) Treat /browser/evaluate and the content-extraction endpoints as high-risk: they can read and exfiltrate sensitive data, so only enable this skill for agents you trust, and consider network/firewall rules that prevent unexpected outbound exfiltration.
If you cannot confirm the daemon's trustworthiness or the token-management details, do not enable this skill.
Runtime requirements
🌐 Clawdis
Bins: node
