surrealism

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SurrealDB WASM extension guide with a weak local credential example, but no hidden code or malicious behavior.

Use this as a development reference. Run the commands only against a local or disposable SurrealDB instance, replace default root credentials with a strong least-privilege account outside isolated testing, and review any Rust/WASM module before registering it in a database.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The quick-start instructs users to connect to a live SurrealDB instance using the built-in root account and an inline password, but provides no warning that these are example credentials, no guidance to use a local disposable environment, and no advice against shell history leakage. This can normalize unsafe operational behavior and lead users to paste privileged credentials into terminals or reuse insecure defaults against real databases.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal