ClawHub

yandex-metrika-assistant

v1.0.0

OpenClaw + Яндекс.Метрика API — stat/Logs/management, OAuth, presets, UTM, цели, CSV, квоты; плагин yandex-metrika-assistant.

0· 62·0 current·0 all-time
byArtur Horosheff@horosheff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Yandex.Metrika assistant) match the content: docs describe management, reports, Logs API, imports and OAuth; the only sensitive thing is an OAuth token which the plugin schema exposes as an optional config field. Nothing in the package requests unrelated services or credentials.
Instruction Scope
SKILL.md is detailed and instructs the agent to only use the token from plugin config, YANDEX_METRIKA_OAUTH_TOKEN, or a one‑time user-provided token, and explicitly forbids echoing or committing tokens. All example API endpoints are the official api-metrika.yandex.net. Minor note: the docs recommend the implicit OAuth flow (response_type=token) which exposes tokens in the browser fragment — acceptable for client flows but less ideal for long‑lived server use; the docs do mention the authorization‑code flow for server scenarios.
Install Mechanism
Instruction-only skill: no install spec, no downloads or binaries. All files are docs and openclaw plugin metadata; no executable code is included in the package to write/execute on host.
Credentials
No required env vars declared by registry metadata. The plugin exposes an optional oauthToken and optional oauthClientId/defaultCounterId in its configSchema — proportional for a metrics integration. The SKILL.md consistently limits where tokens come from and discourages pasting tokens into chat or repos.
Persistence & Privilege
always:false and no requests to modify other skills or system settings. The plugin expects to store its own oauthToken in its config (normal). Autonomous invocation is allowed by platform default but is not combined with other red flags here.
Assessment
This skill appears to do exactly what it says: call Yandex.Metrika APIs and help with OAuth and report generation. Before installing: (1) confirm you only grant the OAuth scopes you actually need (if you only need read access avoid requesting metrika:write), (2) store the access token in OpenClaw secrets or YANDEX_METRIKA_OAUTH_TOKEN rather than pasting it in chat, (3) review the referenced GitHub repo (scripts like the OAuth exchange) if you plan to run them, and (4) remember the implicit flow (response_type=token) returns tokens in the browser URL fragment — for server integrations prefer the authorization-code flow with refresh tokens/secret. If you want further assurance, check the upstream GitHub repo history and the optional scripts mentioned in docs before running any of them.

Like a lobster shell, security has layers — review code before you run it.

ArturHorosheffvk9791s2mjqyj25xfnz544zw39983qex5latestvk9791s2mjqyj25xfnz544zw39983qex5metrikavk9791s2mjqyj25xfnz544zw39983qex5yandexvk9791s2mjqyj25xfnz544zw39983qex5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments