Agent Revenue Analytics: Attribution, LTV, Cohorts, and Pricing Optimization for AI Agent Services

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only revenue analytics guide with live GreenHelix API examples that are mostly disclosed and aligned with the stated purpose.

Safe to install as a guide, but treat the Python examples as live integration code. Review them before running, use sandbox or least-privilege GreenHelix credentials, avoid production billing/customer data unless intended, and check any webhook registration before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill claims to be a non-executable educational guide, but later includes instructions to copy, configure, and run live code against external services. This mismatch can mislead users and reviewers about the operational risk, increasing the chance that secrets and customer billing data are transmitted without informed consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The markdown includes executable code that reads real environment variables and performs live network operations against an external API, including billing, invoice, customer, and webhook workflows. Because the surrounding text downplays execution risk and lacks prominent disclosure about data transmission, users may unintentionally expose sensitive business and customer information.

VirusTotal

66/66 vendors flagged this skill as clean.
