Thrd Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent email-inbox integration with disclosed credentials, polling, and optional callback behavior; its main risks are ordinary operational controls, not hidden malicious behavior.

Install this only if you want an agent to operate a dedicated thrd.email inbox. Keep THRD_API_KEY in a secret manager, define clear approval rules for outbound email and billing upgrades, use the default Thrd API endpoint unless you trust the alternative, and only configure --on-events with harmless commands you would run yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: print(json.dumps(summary)) if on_events_cmd: subprocess.run(on_events_cmd, shell=False, check=False) ack = requests.post( f"{base_url}/v1/events/ack",
Confidence: 95% confidence
Finding: subprocess.run(on_events_cmd, shell=False, check=False)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill advertises safe email management, but this daemon includes a generic local command execution hook on event receipt. That expands the trust boundary significantly: any user, wrapper, or agent that can influence --on-events can turn inbound email activity into a trigger for arbitrary program execution on the host.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal