surrealfs
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed SurrealDB-backed virtual filesystem guide, but users should treat its referenced runtime carefully because it can use credentials, persistent storage, telemetry, localhost HTTP, and host-side pipe commands.
Install only if you trust the external surrealfs and surrealfs-ai packages. Use dedicated least-privilege SurrealDB credentials, keep the HTTP server on localhost unless you add authentication and TLS, disable or audit Logfire telemetry for sensitive work, and sandbox or forbid pipe commands when prompts, URLs, or paths can be influenced by untrusted input.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.