ASO & App Cold Start — Organic First Mobile Growth System

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only ASO growth guide with no executable code, but it includes platform-detection evasion and review-manipulation advice that users should scrutinize before installing.

Use this only for legitimate ASO, keyword research, listing optimization, and transparent UGC planning. Do not follow or request advice about evading platform detection, running account farms, manipulating reviews, or bypassing social/app-store enforcement; check each platform's terms before applying any growth tactic.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The README explicitly states it includes guidance for scaling multiple AI-operated accounts 'without being detected by the platform,' which crosses from ordinary growth advice into evasive behavior. That makes the skill more dangerous in context because it is a practical app-growth playbook likely to be used operationally, so the language can facilitate policy evasion and account-integrity abuse rather than legitimate ASO.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README explicitly advertises guidance for scaling multiple AI-managed social accounts 'without being detected by the platform,' which is evasion-oriented behavior rather than ordinary marketing advice. In an agent skill, this can enable users to automate deceptive account operations that violate platform rules and increase risk of spam, impersonation, or coordinated manipulation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly advertises guidance for operating multiple AI-generated accounts 'without being detected by platforms,' which normalizes evasion of platform enforcement rather than compliant marketing operations. In the context of an agent skill, this can enable deceptive account farming, policy violations, and downstream abuse such as spam or inauthentic amplification.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Describing large-scale multi-account AI operations without any warning about platform-policy or enforcement risks normalizes conduct that can violate platform rules and degrade ecosystem trust. In an ASO/growth skill, omission of safeguards is especially risky because readers may treat the content as endorsed operational guidance and implement deceptive growth tactics at scale.

Natural-Language Policy Violations

High

Confidence: 98% confidence
Finding: The phrase about operating multiple accounts 'without being detected' is an overt evasion cue and a strong policy-risk indicator. Because the skill is positioned as an actionable growth manual, this content could directly encourage deceptive platform manipulation, enforcement avoidance, and coordinated inauthentic behavior.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes broad terms like "ASO," "app launch," "user acquisition," and "app growth," which are common across many general business and product discussions. This can cause the skill to activate outside its intended scope, increasing the chance of irrelevant invocation, prompt hijacking exposure, or accidental routing of unrelated user requests into this skill.

Ssd 2

Medium

Confidence: 97% confidence
Finding: The line promising a 'complete guide' to scaling multiple accounts while avoiding platform detection directly instructs stealthy operational behavior. This is dangerous because it normalizes bypassing trust and safety controls, and in the context of an AI skill could operationalize policy-violating mass account activity at scale.

Ssd 2

Medium

Confidence: 97% confidence
Finding: The phrasing frames stealth as a feature: it teaches users how to scale multiple accounts while evading detection, which is a classic indicator of platform-integrity abuse. Because this is a growth/marketing playbook rather than a defensive or policy-analysis document, the context makes the instruction more dangerous by turning deception into an operational tactic.

Ssd 2

Medium

Confidence: 94% confidence
Finding: Even though phrased as a growth tactic, the instruction promotes evasion of platform detection while scaling multiple accounts, which can enable spam, sockpuppeting, and manipulation of recommendation systems. The surrounding skill context does not justify this behavior; instead, it increases risk because it packages the tactic as repeatable business advice.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal