Analytics Tracking

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only analytics tracking guide with no executable install, but users should review privacy, account, and tracking-tag changes before implementing its examples.

This skill appears safe to use as an analytics implementation guide. Before applying its recommendations, review any local context file it may read, avoid sending PII to analytics tools, configure consent mode, test tags before publishing, and get account-owner approval for GA4, GTM, Facebook Pixel, or Google Ads changes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low
What this means

Local marketing context may be read and used to guide analytics recommendations.

Why it was flagged

The skill uses a persistent local context file to shape recommendations. This is scoped and relevant to analytics planning, but the file contents could contain sensitive business context or untrusted instructions.

Skill content
If `.agents/product-marketing-context.md` exists ... read it before asking questions. Use that context
Recommendation

Review the product-marketing context file and avoid storing secrets, credentials, or untrusted instructions in it.

ASI05: Unexpected Code Execution
Low
What this means

Adding these tags can affect site behavior and collect visitor activity across pages.

Why it was flagged

The guide includes examples for deploying third-party JavaScript through GTM Custom HTML on all pages. That is expected for tracking setup, but it means code will run in visitors' browsers if implemented.

Skill content
Tag Type: Custom HTML ... 'https://connect.facebook.net/en_US/fbevents.js'); ... Trigger: All Pages
Recommendation

Only deploy reviewed tags, verify pixel IDs and destinations, test in GTM Preview, use versioning, and ensure consent controls are configured.

ASI03: Identity and Privilege Abuse
Low
What this means

Analytics and ad account settings could be changed, which may influence conversion reporting, remarketing, or bidding.

Why it was flagged

The instructions include account-level GA4 and Google Ads configuration steps. These are purpose-aligned, but they require appropriate account authority and can affect advertising measurement.

Skill content
Admin > Product links > Google Ads links ... Import conversions in Google Ads
Recommendation

Have an authorized account owner review and approve GA4, GTM, and Google Ads changes before publishing them.

ASI07: Insecure Inter-Agent Communication
Low
What this means

If implemented carelessly, user or account identifiers could be shared with analytics or advertising platforms.

Why it was flagged

The guide shows sending user identifiers to an external analytics provider. This is standard for analytics attribution, but it creates a data-sharing boundary that should be governed by consent and privacy rules.

Skill content
gtag('config', 'GA_MEASUREMENT_ID', {
  'user_id': 'USER_ID'
});
Recommendation

Minimize identifiers, avoid PII, confirm legal basis and consent, and review provider privacy settings before sending user-level data.