Surfline (public)

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Surfline forecast helper that uses public Surfline endpoints and limited local caching without signs of hidden or unsafe behavior.

Install only if you are comfortable sending searched spot names and Surfline spot IDs to Surfline. Be aware that cached forecast responses and favorites can remain on your machine under the Surfline cache/config paths unless you delete them or set a different cache directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill documentation describes and instructs use of network access plus local file read/write and likely environment access through Python scripts, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or reviewer may treat the skill as lower risk than it really is, even though it can reach external endpoints and persist local data.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
3) Favorites summary (multiple spots) (prints text + JSON by default):

Create `~/.config/surfline/favorites.json` (see `references/favorites.json.example`).

```bash
python3 scripts/surfline_favorites.py
```
Confidence: 81%
Finding:
Create `~/.config

VirusTotal

64/64 vendors flagged this skill as clean.
