Back to skill

Security audit

GA4 Analytics

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Google analytics toolkit, but it also exposes a URL removal action that can affect search visibility without strong top-level disclosure or confirmation safeguards.

Review before installing. Use a dedicated least-privilege Google service account limited to the intended GA4 property and Search Console site, keep .env and results/ out of version control, and avoid exposing or invoking removeFromIndex() unless you explicitly intend to request URL removal and confirm each URL first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires environment-based secrets and network access to Google APIs, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or hosting systems may not realize the skill can read credentials and exfiltrate analytics data over the network. In a data-access skill handling traffic, demographics, search queries, and revenue, undeclared capabilities increase the risk of over-privileged or unexpectedly data-accessing behavior.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill implements a URL removal capability that is more destructive than the documented skill scope, which only describes re-indexing and index-status inspection. Hidden or under-disclosed destructive functionality increases the chance of accidental misuse by an agent or user and can remove legitimate pages from search results, harming site availability and SEO.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that all analytics results are automatically saved to local JSON and markdown files, but it does not warn that those files may contain sensitive business data such as traffic patterns, search queries, demographics, conversions, and revenue. Persisting this data by default increases exposure through local compromise, accidental commits, shared workspaces, backups, or improper file permissions. The context makes this more dangerous because analytics and SEO datasets often contain commercially sensitive information even when they are not classic credentials.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Multiple API functions document `save` defaulting to `true`, which means analytics, search, and indexing outputs may be written to local JSON files automatically. In a toolkit handling potentially sensitive traffic, query, revenue, and indexing data, undocumented persistence increases the risk of unintended data retention, exposure to other local users/processes, and accidental inclusion in backups or source control.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The API reference documents `removeFromIndex(url, options?)` as a straightforward operation without an explicit warning that it requests URL removal from Google's index. In an agent skill context, this lowers operator awareness around a destructive SEO action that can deindex important pages and cause traffic loss if triggered mistakenly or via unsafe automation.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
URL inspection results are persisted to disk by default, and those results can contain sensitive operational site details such as crawl status, canonical URLs, and indexing diagnostics. Saving this data without explicit disclosure or consent increases the risk of unintended retention, exposure to other local users/processes, or later exfiltration from storage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The removeFromIndex function performs an external destructive action against Google's index with no explicit confirmation, dry-run, or user disclosure in the code path. In an agent setting, this creates a meaningful risk of accidental or unauthorized delisting of important pages, causing SEO damage and business impact.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The module automatically persists analytics output to disk without any indication in this code of user consent, disclosure, or opt-in control. Because GA4/Search Console outputs can contain sensitive business intelligence and site performance data, silent retention increases the risk of unintended local data exposure, over-retention, and surprises for operators who expect query-only behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This module automatically persists GA4, Search Console, and indexing results to disk for nearly every high-level operation, and the header explicitly states that all results are saved to the /results directory. Because these analytics datasets can include privacy-sensitive business intelligence and user-behavior data, writing them by default without explicit user opt-in, warning, retention controls, or redaction increases the risk of unintended local disclosure, over-retention, and secondary access by other users/processes on the host.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.