Paywall Upgrade Cro

Security checks across malware telemetry and agentic risk

Overview

This is a paywall optimization guide with no executable code or install steps; its main cautions are broad activation wording and optional reading of a local product-marketing context file.

Install only if you want the agent to advise on in-app upgrade and paywall experiences. Review any local product-marketing context file first, and route general pricing strategy, billing disputes, or public pricing page work to a more specific skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill’s invocation text is unusually broad and includes generic phrases such as 'how do I get users to pay,' which can cause the agent to route many loosely related monetization requests into this skill. Overbroad routing is a real security and safety issue because it can override more appropriate, narrower skills and lead to misapplication of persuasive monetization guidance in contexts the user did not intend.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The eval explicitly expects the skill to trigger on casual phrasing ('when should we show upgrade prompts?'), which broadens activation beyond clear paywall-specific requests. Overly permissive routing can cause the wrong skill to engage on general product or UX questions, leading to scope confusion, reduced reliability, and potentially inappropriate persuasive guidance in contexts where it was not intended.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal