Oathe Security Badge

Is asksurf-ai/surf-skills safe?

https://github.com/asksurf-ai/surf-skills

79
CAUTION

The Surf skill provides legitimate cryptocurrency data functionality via API calls, with transparent documentation and user permission requests for file modifications. However, sensitive credential files were accessed during the installation session, which raises security concerns even though no evidence of exfiltration was found.

Category Scores (score out of 100 · weight in the overall score)

Prompt Injection 90/100 · 30%
Data Exfiltration 65/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4) (severity · title · score impact)

MEDIUM Sensitive credential files accessed during session -35

Multiple sensitive credential files including .env, SSH private keys, AWS credentials, NPM config, Docker config, and Google Cloud credentials were accessed during the installation session. While no exfiltration occurred, this access pattern raises security concerns.

LOW Dependency on external CLI tool -20

The skill requires installation of an external Surf CLI tool from agents.asksurf.ai, which introduces additional attack surface and dependency on external infrastructure.

LOW Honeypot files accessed but not modified -15

Canary/honeypot files were accessed during the session, indicating potential reconnaissance activity, though no modifications or exfiltration occurred.

INFO Project file modification with permission -10

The skill requests permission to modify AGENTS.md or CLAUDE.md files to inject routing rules, but this is transparent and requires explicit user consent via AskUserQuestion.