Windsurf CLI agent

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for Windsurf Cascade; it describes powerful agent features but does not install code, hide behavior, or instruct unrelated unsafe actions.

Install only if you want documentation for using Windsurf Cascade. Keep terminal execution in Manual mode unless you are in a sandbox; avoid Turbo Mode on sensitive or production projects; review MCP servers and tokens carefully; do not hardcode real credentials in shared config files; and clear or disable memories/rules that may retain sensitive project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises a mode that auto-executes terminal commands without manual confirmation, but provides no safety warning, guardrails, or constraints. In the context of an AI coding agent with terminal access, this increases the chance that unsafe, destructive, or externally influenced commands could run automatically, especially if users enable the feature without understanding the risk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill says Cascade may automatically invoke skills when they are 'relevant' but does not define strong trigger boundaries, approval requirements, or trust constraints. In an agentic environment, broad auto-invocation can cause unreviewed instructions from local skill files to be pulled into active execution paths, increasing the chance of unintended actions or prompt-scope abuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document states that Cascade tracks real-time actions including edits, terminal activity, and clipboard contents, but it does not pair that capability with a clear privacy, consent, and data-handling warning. Users may expose sensitive code, secrets, commands, or copied credentials without understanding the collection scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Web Search and MCP are external-context features that can transmit prompts, code fragments, metadata, or secrets beyond the local environment, yet the skill does not clearly warn about that risk. In practice, users may invoke these tools while assuming all analysis remains local, leading to unintended disclosure to third-party services or external servers.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill documents a 'Turbo Mode' that auto-executes all commands without confirmation, but it does not prominently emphasize the safety implications. In an agent system that can generate shell commands, removing confirmations materially raises the risk of destructive filesystem changes, secret leakage, package installation abuse, or arbitrary command execution from incorrect model outputs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The MCP example includes a literal credential field for GITHUB_TOKEN without warning against hardcoding or insecure storage. Readers may copy the pattern into shared config files, source control, or logs, exposing tokens that can grant repository access or enable lateral movement.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill explicitly documents a mode that auto-executes all terminal commands without confirmation, yet it does not prominently warn about destructive command execution, prompt injection, or command abuse in agent-driven workflows. In a skill for an autonomous coding agent with terminal access, this omission materially increases the chance that users enable unsafe execution and suffer filesystem, credential, or deployment-impacting actions.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **Model Flexibility**: Switch between SWE-1.5, Claude, GPT-5.x, Gemini 3, and BYOK models
- **Parallel Sessions**: Run multiple Cascade sessions simultaneously with Git worktrees support
- **Dedicated Terminal**: Reliable zsh shell for agent command execution
- **Turbo Mode**: Auto-execute terminal commands without manual confirmation
- **Fast Context**: SWE-grep powered code retrieval up to 20x faster

## Contents
Confidence
90% confidence
Finding
Auto-execute

VirusTotal

66/66 vendors flagged this skill as clean.