GA4 Connector

Pass

Audited by ClawScan on May 1, 2026.

Overview

This GA4 connector looks purpose-aligned, but it will install Python packages and store a Google OAuth token locally so it can read GA4 reports.

Before installing, confirm you trust the included scripts, use the intended Google account and GA4 property, understand that a reusable OAuth token will be saved under ~/.config/openclaw, and consider using a virtual environment or pinned dependencies if this is for a sensitive business environment.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The authorized account's GA4 data can be read by this connector, and anyone who can access the local token file may be able to reuse that access.

Why it was flagged

The script obtains Google OAuth authorization with a read-only Analytics scope and stores the resulting token locally for reuse.

Skill content

SCOPES = ["https://www.googleapis.com/auth/analytics.readonly"] ... DEFAULT_TOKEN_FILE = CONFIG_DIR / "ga4-token.json" ... token_path.write_text(creds.to_json())

Recommendation

Authorize only the correct Google account, keep ~/.config/openclaw private, and delete or revoke ga4-token.json when you no longer want the connector to have access.

What this means

Dependency updates or package-source issues could affect the local setup or behavior over time.

Why it was flagged

The installer pulls unpinned Python packages into the user's environment; this is expected for the connector but depends on current package-source resolution.

Skill content

python3 -m pip install --user google-analytics-data google-auth-oauthlib google-auth-httplib2

Recommendation

Run the installer only from the reviewed skill directory, and consider a virtual environment or pinned dependency versions for sensitive environments.

What this means

The local shell configuration is changed so future terminals inherit the GA4 property ID.

Why it was flagged

The setup script executes embedded Python to edit the user's shell startup file, creating a persistent GA4_PROPERTY_ID setting.

Skill content

python3 - <<PY ... text += 'export GA4_PROPERTY_ID="$PROPERTY_ID"\\n' ... rc.write_text(text)

Recommendation

Run setup intentionally, use a normal numeric GA4 property ID, and inspect or remove the added line from ~/.bashrc or ~/.zshrc if needed.