Analytics Tracking
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only analytics setup guide; it includes expected tracking and third-party tag guidance that users should apply with privacy review.
This skill appears safe to install as an instruction-only analytics guide. Before using its examples in production, review any tracking tags, confirm consent and privacy requirements, avoid sending PII, and check the local product-marketing context file if your agent uses it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Analytics advice may be based on existing project context stored in the workspace.
The skill uses a persistent local project context file to shape its analytics recommendations. This is scoped and purpose-aligned, but users should ensure that file is accurate and does not contain secrets or sensitive personal data.
If `.agents/product-marketing-context.md` exists (or `.claude/product-marketing-context.md` in older setups), read it before asking questions. Use that context...
Keep the product-marketing context file current, avoid placing secrets or unnecessary personal data in it, and review recommendations if the context file is shared or stale.
If copied into production, tracking tags may run third-party scripts for website visitors.
The reference guide shows how to add a third-party Facebook Pixel script through GTM custom HTML. This is expected for analytics/tag-manager work, but it means implemented snippets can execute third-party JavaScript on the user’s website.
Tag Type: Custom HTML ... t.src=v ... 'https://connect.facebook.net/en_US/fbevents.js'); ... fbq('track', 'PageView'); ... Trigger: All PagesReview all GTM custom HTML and third-party pixels before publishing, limit triggers to the intended pages/events, and test changes in GTM Preview mode first.
Implemented tracking can transmit user behavior, account attributes, and transaction metadata to analytics or advertising services.
The skill provides examples for sending event, purchase, and user-property data to analytics providers. This is central to the stated purpose and the artifacts include privacy reminders, but it still creates third-party data flows.
gtag('event', 'purchase', { 'transaction_id': 'T12345', 'value': 99.99, 'currency': 'USD', 'items': [...] }); ... gtag('set', 'user_properties', { 'user_type': 'premium', 'plan_name': 'pro' });Use consent controls, avoid PII in event properties, document what data is sent to each provider, and confirm compliance requirements such as GDPR before deploying.