Windsurf CLI agent

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: windsurf-cascade
Version: 1.0.0

The skill bundle primarily serves as documentation for the Windsurf Cascade AI agent, detailing its powerful capabilities including full write access to the codebase, direct terminal command execution, and integration with external tools via Model Context Protocol (MCP). It highlights high-risk features like 'Turbo Mode' (auto-execute all commands without confirmation) and 'Cascade Hooks' (execute custom shell commands). Example workflows in SKILL.md include `sudo` commands, GitHub CLI commands (`gh api`), and `npm run deploy:production`, which, if executed by the agent (especially in Turbo Mode or with unsanitized inputs), could lead to arbitrary code execution or data manipulation. While the skill itself does not contain explicit malicious instructions, it describes a system with significant vulnerabilities and RCE risks if misused or exploited, aligning with the 'suspicious' classification for documenting risky capabilities without clear malicious intent.