google analytics and search improve
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears aligned with analytics and SEO auditing, but it will use and store sensitive website analytics credentials and data while running local scripts.
Before installing, confirm you are comfortable giving it access to GA4/GSC/Bing data, use least-privilege read-only credentials, keep the .skills-data directory private, review any Python setup or generated scripts, and clean up stored credentials and exports after the audit.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may read analytics and search-console data for any Google property that the selected service account can access.
The scripts can automatically use a Google service-account key placed in the skill's config directory. This is coherent with GA4/GSC analysis, but the credential is sensitive and should be narrowly scoped.
First ``*.json`` file (alphabetically) inside ``DATA_DIR/configs/`` ... ``GOOGLE_APPLICATION_CREDENTIALS`` is set
Use a dedicated read-only service account for the specific site/property, keep only the intended JSON key in the configs directory, and remove credentials when the analysis is complete.
Local project files may retain traffic data, search queries, reports, logs, and credentials after the task finishes.
The workflow persists raw analytics data, analysis outputs, configuration, and service-account keys under the skill data directory. This is disclosed and purpose-aligned, but the stored data may be sensitive.
.env # Configuration (auth, URLs, etc.) ... data/ # Raw data only: API responses, user-uploaded CSVs ... configs/ # Config files (including Service Account JSON keys)
Protect the .skills-data directory, avoid committing it to source control, and delete or rotate stored credentials and raw exports when no longer needed.
Using the skill may run local Python code that reads input data and writes analysis outputs, charts, and reports.
The skill's core workflow expects local Python script creation and execution. That is central to its data-analysis purpose, but it is still an execution capability users should notice.
All data analysis MUST be done through code ... Write a Python script ... Execute the script
Run it in a project-specific virtual environment, review generated scripts and shell commands, and avoid running it with broader filesystem or credential access than needed.
If dependencies are installed, the environment may fetch newer package versions from PyPI than the author originally tested.
The script package depends on external Python packages using lower-bound constraints rather than exact pinned versions. This is common for Python tooling, but users should be aware of dependency provenance.
"google-api-python-client>=2.194.0", "google-auth>=2.49.2", "requests>=2.33.1", "matplotlib>=3.10.8"
Install in an isolated virtual environment and consider pinning or locking dependency versions before using the skill with sensitive credentials.