ASO & App Cold Start — Organic Discovery & UGC Growth Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a text-only app store optimization and growth guide with no executable code or hidden access requests.

This appears safe to install as an informational ASO and app-growth guide. Users should treat its marketing and pricing claims as advice to verify, and should ensure any UGC, AI account, or app-store tactics they adopt comply with platform rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains broad phrases such as "app growth," "app launch," and "TikTok marketing" that can match many unrelated user requests and cause the skill to activate outside its intended ASO/App Store optimization scope. Over-broad activation can route users into advice they did not ask for, increase prompt-surface exposure, and create confusing or unsafe automation behavior when multiple skills compete.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal