Surfagent Perception

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill coherently teaches agents to use a local SurfAgent browser-perception daemon, with disclosed but sensitive browser and token implications.

Install only if you trust the SurfAgent daemon you run locally. Treat ~/.surfagent/daemon-token.txt as a secret, keep the daemon bound to localhost, and avoid using the skill on pages containing passwords, account data, or private information unless you are comfortable with the agent seeing that browser content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documentation explicitly discloses the location of a Bearer auth token file (`~/.surfagent/daemon-token.txt`) but provides no warning about protecting that credential, minimizing exposure, or avoiding logging/sharing it. In an agent/tooling context, this can normalize unsafe handling of a live local secret and increase the chance that downstream agents, scripts, or users read, print, exfiltrate, or misuse the token to access the SurfAgent daemon.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal