surrealdb
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates an exceptional security posture. It includes a dedicated
SECURITY.mdfile, aSOURCES.jsonfor provenance tracking, and a CI script to ensure version consistency. All diagnostic scripts are auditable and follow PEP 723 for transparent dependency management. - [COMMAND_EXECUTION]: The Python scripts (
doctor.py,onboard.py,schema.py) execute local shell commands such assurreal versionandgh api. These operations are used exclusively for environment verification and update monitoring. User-supplied inputs, such as table names inschema.py, are strictly validated against a safe alphanumeric regex ([a-zA-Z_][a-zA-Z0-9_]*) to prevent command or query injection. - [EXTERNAL_DOWNLOADS]: External references are limited to the official SurrealDB vendor organization on GitHub and standard package registries (PyPI, npm). The documentation proactively warns users about potential supply-chain risks, such as setup-time native library downloads in the experimental SurrealML package.
- [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive data by using environment variables (
SURREAL_USER,SURREAL_PASS) and explicitly marking them as sensitive in the manifest. No hardcoded secrets or insecure credential storage patterns were found.
Audit Metadata