It looks like it’s able to send sysrq commands without requiring local access in Virtualbox VMs although I don’t really know.
Useful on VirtualBox host. Usability only. It simplifies sending sysrq key sequences to VirtualBox VMs using vboxmanage command. No security impact. Only automates what one can (cumbersome) do manually. If inside VM Linux had sysrq restrictions, this could do nothing.
So it can’t be used within the VMs?
Could only be used when using nested virtualization such as VirtualBox inside VirtualBox. Inside VirtualBox Linux could send sysrq key sequences to nested VirtualBox Linux which can then decide to honor or ignore it (sysctl setting).
A script run as user cannot suddenly run sysrq (or other things) if that requires root/sudo. It’s not an exploit. And there are no other tricks too (compiled code, setuid).