Agreed.

I know it's not malicious on the part of any dev, but I've encountered several nostr apps prompting for signing multiple events of mysterious kinds.

Including events in a non-interactive context like loading a website an being asked for a signature.

Sign (or prompt to) events only when absolutely necessary. Be explicit about what's not obvious. Maybe we need work on UI/UX design around prompts?

nostr:note1tm93m6cvr2xpnafeschzsp7sgxurqszm0jzxrgar757eeuzanu0sqgv98e