Windsurf
v1.0.0Windsurf AI IDE 助手,精通 Cascade Agent、AI Flow、规则配置、快捷键
⭐ 0· 147·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (Windsurf AI IDE assistant with Cascade/AI Flow) align with the SKILL.md: it documents features like multi-step agents, project indexing, file read/write, and terminal command execution, which are expected for an IDE agent.
Instruction Scope
The SKILL.md explicitly describes behaviors that read and modify the entire project, run terminal commands (e.g., npm install, git commit), and reference a per-project rules file (.windsurfrules) and a global config (~/.windsurf/global_rules.md). This is coherent for an IDE assistant, but it implies broad filesystem and command execution capability — users should be aware the agent can change code and run shell commands.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no declared binaries — lowest-risk install surface and consistent with a documentation/behavior guidance skill.
Credentials
No environment variables, credentials, or config paths are declared as required. The only file paths mentioned are the project-level .windsurfrules and the optional ~/.windsurf/global_rules.md, which are reasonable for a per-project/global IDE configuration.
Persistence & Privilege
always is false and the skill uses the platform-default model invocation behavior; nothing requests permanent forced inclusion or modification of other skills' configs. Autonomous invocation is allowed by default (normal), but combined with the described file/command capabilities it increases the importance of user controls.
Assessment
This skill is internally consistent with an IDE assistant: it expects to index your project, edit files, and run build/git commands. Before installing, consider: 1) only enable autonomous runs if you trust the skill and environment; prefer Chat/interactive modes for sensitive projects; 2) do not keep secrets in source files or in the global rules file (~/.windsurf/global_rules.md); putting .env in .gitignore helps with git commits but does not prevent local file reads—treat it as a safeguard, not a guarantee; 3) keep backups or use a branch when allowing automatic commits, and review all automated diffs/commits; 4) if you want lower risk, restrict the skill's permissions or disable autonomous invocation where possible. Overall the skill appears coherent and not malicious, but its ability to modify code and run shell commands means standard caution is warranted.Like a lobster shell, security has layers — review code before you run it.
latestvk9767rmk1r8x17knesnhggt2pn83aynd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.