Theta EdgeCloud Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Theta EdgeCloud integration that can spend credits and use credentials only through user-invoked Theta API commands.

Install only if you intend to use Theta EdgeCloud as a backend. Provide your own Theta credentials, start with THETA_DRY_RUN=1 for mutating deployment or video operations, and confirm before routing private prompts, documents, or paid workloads to Theta services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation text is broad enough to trigger on generic requests about reducing or optimizing AI execution costs, which can cause the skill to engage in situations where the user did not specifically intend to use Theta EdgeCloud. In an agent ecosystem, over-broad routing can lead to unintended external API use, unexpected spend, and unnecessary exposure of prompts or workload data to a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal