Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Surf
v1.0.0
Your AI agent's crypto brain. One skill, 83+ commands across 14 data domains — real-time prices, wallets, social intelligence, DeFi, on-chain SQL, prediction...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a CLI front-end ('surf' CLI with 83+ commands) yet the package is instruction-only and declares no required binary or install mechanism. A legitimate CLI-backed skill would either include an install spec or declare that the binary must already be present; this skill instead instructs the agent to run 'surf install' (an external installer) without declaring that installation step or any required credentials.
Instruction Scope
SKILL.md tells the agent to always run 'surf install' and 'surf sync' at the start of every session and to execute many CLI commands (including POSTs that take JSON on stdin). Those installation/update steps imply network downloads and possible code execution. The instructions also reference interacting with on-chain SQL and wallets but do not specify how credentials or API keys are obtained or protected. While the doc includes sensible advice (treat API responses as untrusted), it grants the agent broad discretion to run a third-party installer and arbitrary CLI commands.
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions require running 'surf install' which will likely fetch and install code from an external site (docs point to https://agents.asksurf.ai/docs/cli). That means the skill's runtime behavior depends on an out-of-band installer whose source, integrity, and update behavior are not declared in the skill metadata — a higher-risk pattern than an instruction-only skill that uses only built-in tools.
Credentials
The skill deals with wallet, on-chain, and market data but declares no required environment variables or primary credential. Real-world use of wallet or exchange APIs often requires API keys or config files; the absence of declared credentials is an incoherence. Additionally, running the CLI installer may prompt the agent/user to authenticate or store secrets in the CLI config (not discussed in the skill).
Persistence & Privilege
always is false (good) and the skill does not request special platform privileges in metadata. However, the instructions explicitly tell the agent to install/update a CLI at every session, which would create a persistent binary/config on the host outside the skill registry. That behavior is not represented in the skill metadata and increases the platform footprint.
What to consider before installing
This skill asks your agent to install and run a third-party CLI from an external domain but the registry declares no installer or required credentials — that's a mismatch. Before installing or using this skill:
1) Verify the surf CLI source and read the installer code or documentation at the referenced URL; confirm the download comes from a trusted, signed release.
2) Ask the publisher for an explicit install spec and a list of required credentials/config paths.
3) If you must try it, run the installer in a sandboxed environment or VM, and do not provide secret keys until you understand where they are stored.
4) Watch for prompts that cause the CLI to store tokens or modify shell startup files.
5) If you cannot validate the install/update process or the publisher identity, treat the skill as risky and avoid granting it access to real wallet or cloud credentials.
Like a lobster shell, security has layers — review code before you run it.
