Eventee

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Eventee integration, but it needs Review because its description is inconsistent and it can change or delete event data without documented confirmation safeguards.

Install only if you intend to connect an Eventee account through Membrane. Treat the skill as able to read and modify event content, require explicit confirmation before any create/update/delete action or non-GET proxy request, and verify the exact event and resource before allowing changes. The publisher should correct the description to match Eventee and add mutation safeguards.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill advertises destructive delete operations without any guidance to require explicit user confirmation, dry-run behavior, or safeguards. In an agentic context, this increases the risk of accidental or overly eager deletion of event data if the model interprets ambiguous user intent as authorization to delete.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal