Backend Event Stores

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only event-store guide, with some production-safety caveats in sample code but no evidence of malicious or hidden behavior.

Safe to install as a reference skill if you trust the GitHub source. Treat the included database code as illustrative, and verify or harden the EventStoreDB and DynamoDB concurrency/idempotency patterns before using them in production.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The DynamoDB example presents an append API with an expected_version parameter, but the implementation uses batch_writer without any conditional expressions, so concurrent writers can overwrite append assumptions and create duplicate or out-of-order logical versions. In an event store, missing optimistic concurrency and idempotency directly undermine stream integrity, allowing lost updates, duplicated events, and corrupted aggregate state.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The EventStoreDB sample describes revision-based concurrency control but passes the expected revision using the wrong parameter name, which can cause the check to fail, be ignored, or lead developers to copy broken code. In event-sourced systems, an incorrect concurrency call can silently disable optimistic locking and permit conflicting writes to the same stream.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal