Event Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local novel-event file manager with disclosed create, update, delete, query, and export behavior.

Install only if you are comfortable with a local CLI that can create, update, export, and delete event files in your chosen project directory. Keep backups before using delete, and consider pinning dependency versions if you need reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented `delete` operation is presented alongside other commands without any warning that it may permanently remove event archives or related project data. In an agentic workflow, this is dangerous because destructive commands can be selected or automated without the operator appreciating the risk of irreversible data loss.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml>=6.0.1
rich>=13.7.0
Confidence
92% confidence
Finding
pyyaml>=6.0.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml>=6.0.1
rich>=13.7.0
Confidence
89% confidence
Finding
rich>=13.7.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
pyyaml

VirusTotal

64/64 vendors flagged this skill as clean.
