SurfAgent

Control a real Chrome browser via SurfAgent — navigate, click, type, screenshot, extract data, crawl sites, and automate web workflows. Uses your persistent...

Before installing, be aware this skill gives an agent the ability to control your real Chrome profile (read/set cookies, run JS, extract page contents). That is necessary for the described features but can expose sensitive data. Things to do before use: (1) Verify you install the SurfAgent daemon only from the official surfagent.app and review its GitHub repos; (2) do not set SURFAGENT_DAEMON_URL to a remote server you don't control — keep it at localhost unless you explicitly trust the endpoint; (3) review the surfagent-mcp npm package before running npx (it will be downloaded/executed); (4) run the daemon and the skill in an isolated account, container, or VM if you want to limit exposure of your primary browser profile; (5) require explicit, interactive user confirmation before letting an agent perform actions that access cookies, evaluate JS, or extract entire pages; and (6) ask the skill author to correct the registry metadata inconsistency (the SKILL.md declares SURFAGENT_DAEMON_URL but the registry metadata lists none). If you cannot confirm these points, treat the skill as high-risk and avoid installing it on machines with sensitive browser sessions.

Type: OpenClaw Skill Name: surfagent Version: 1.0.0 The skill bundle provides an AI agent with extensive control over a user's local Chrome browser, including high-risk capabilities such as reading and setting browser cookies (`browser_cookies`) and executing arbitrary JavaScript (`browser_evaluate`) within the page context. While these features are aligned with the stated purpose of advanced browser automation and session persistence, they grant the agent access to sensitive login data and the ability to perform actions on the user's behalf. The reliance on an external local daemon and an MCP server (`surfagent-mcp`) further expands the attack surface, as documented in SKILL.md and README.md.