surrealdb
Warn
Audited by Socket on May 7, 2026
1 alert found:
Anomaly (LOW): skills/surrealfs/SKILL.md
SUSPICIOUS. The core purpose and official upstream relationship are broadly coherent, and the SurrealDB credentials are proportionate. However, two factors raise material risk: the unverified `pip install surrealfs-ai` install path and the explicit host command execution surface for pipe commands, which can fetch untrusted external content and write it into agent-accessible storage. Optional telemetry is disclosed but adds an extra external data flow. This looks more like a risky but plausibly legitimate skill than confirmed malware.
Confidence: 88%
Severity: 66%
Audit Metadata