ClawHub

Agent Analytics

v4.0.10

Run analytics end-to-end from your agent without opening a dashboard. English-first workflow, with Chinese docs and content available. Create projects, ship...

2· 2.4k·18 current·20 all-time
byDanny Shmueli@dannyshmueli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the skill is a wrapper for the Agent Analytics CLI and consistently requires using `npx @agent-analytics/cli@0.5.5`. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits actions to running the official CLI via the pinned npx invocation, browser/OAuth login flows, creating projects, querying analytics, and instructing the user to add tracking snippets. It does not instruct the agent to read unrelated system files or request arbitrary secrets in chat (it explicitly advises against that).
Install Mechanism
There is no install spec (instruction-only), but runtime requires `npx` which will fetch and execute the npm package @agent-analytics/cli@0.5.5. This is expected for a CLI-centric skill but introduces normal npm supply-chain risk because code is fetched and executed at runtime; the skill does pin an explicit version which reduces some risk.
Credentials
No environment variables or credentials are declared or required by the skill. The documented login approaches use browser OAuth or a detached flow; token-based fallback is mentioned but the skill explicitly warns not to ask users to paste secrets into chat. Requested access appears proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-on, is user-invocable, and does not request global system changes or other skills' configs. It does not request permanent presence or elevated privileges in the manifest.
Assessment
This skill is internally consistent: it directs agents to use the official CLI via a pinned npx invocation and doesn't request unrelated secrets. Before installing, verify the npm package and GitHub repo yourself (check maintainer, recent releases, and package contents) because npx will download and execute remote code at runtime. Prefer the browser/OAuth detached login path the skill recommends instead of pasting tokens into chat; if you must use an API token, keep it out of chat and store it securely. If you manage sensitive environments, consider reviewing @agent-analytics/cli@0.5.5 source code or running the CLI in a sandboxed environment first. If you want stronger assurance, ask the maintainer for a signed release or an audit of the CLI package.

Like a lobster shell, security has layers — review code before you run it.

analyticsvk970wxjg3d376g67ck9bh2d1ms80xct2latestvk974w16fe42e77kfvvqqgn2mgx844x75trackingvk970wxjg3d376g67ck9bh2d1ms80xct2webvk970wxjg3d376g67ck9bh2d1ms80xct2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binnpx

Comments