ClawHub

Surf Check

Security checks across malware telemetry and agentic risk

Overview

This skill coherently checks surf forecasts, with optional Surfline Premium login and local session storage that users should treat carefully.

Install only if you are comfortable with a Node tool that contacts Surfline and NOAA. If you use Surfline Premium login, treat data/session/cookies.json like a password, keep the skill directory private, avoid syncing it to shared backups or cloud folders, and delete the cookie file when you no longer need authenticated access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions, yet its documented behavior and associated analysis indicate use of environment variables and network access. This creates a transparency and trust problem: an agent or user may authorize or run the skill without understanding that it can read credentials and contact external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose frames the skill as a simple surf decision engine, but the analyzed behavior includes account login automation, credential use, cookie/session reuse, premium endpoint access, NOAA fetching, and persistent state tracking. This mismatch is dangerous because it obscures sensitive operations that expand the attack surface and may cause users to expose credentials or permit automation they did not expect.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This script reads Surfline credentials from environment variables, performs an authenticated browser login, and writes the resulting session cookies to disk in a reusable form. Persisting authenticated session material creates a credential-adjacent secret on disk that could be reused by other code or an attacker with local access, and this capability is broader than the stated surf-decision purpose of the skill.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is described as a surf forecast decision engine, but this file adds browser automation for account login and session persistence, which is a materially different and more sensitive capability. That mismatch increases supply-chain and operator risk because users may grant or run the skill expecting forecast logic, while the code handles credentials and authenticated sessions that can expose premium account access.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to save authenticated Surfline session cookies locally and reuse them for API access, but it does not warn that these cookies are effectively bearer credentials. If stored insecurely, copied into backups, or exposed on a shared machine, they could allow unauthorized access to the user's Surfline account/session.

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory(ies): CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

High
Category
Supply Chain
Confidence
91% confidence
Finding
playwright==1.40.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal