Google Analytics Insights

The skill's purpose (GA4 analytics assistant) is plausible, but the setup instructions and code are inconsistent and the skill asks you to add a third-party service account (which grants that third party read access to your GA4 property) without clearly explaining how data will be accessed — this is a privacy/clarity risk you should understand before installing.

Before installing, understand how the skill will access your GA data: the SKILL.md asks you to add the provider's service account email as a Viewer, which lets that third party read your GA4 data from their own servers. If you do not want external parties to access your analytics, do NOT add that email. Ask the author whether queries run entirely on your machine (using a local service-account JSON you create) or whether the provider will query your property from their backend. Prefer providing your own service-account key (and keeping it local) rather than granting access to a third-party account. Also: review the bundled ga_insights.py (it creates ~/.openclaw/ga-insights and may set GOOGLE_APPLICATION_CREDENTIALS), test in a sandboxed environment first, and confirm the absence of any undisclosed remote endpoints or telemetry with the author. If the author cannot clearly explain why their service account is needed, treat this as a privacy risk.