Ga4 Data Api

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it stores Google Analytics OAuth files locally and edits shell startup configuration during setup.

Install only if you intend to let OpenClaw query your GA4 data. Treat ~/.config/openclaw/ga4-client.json and ~/.config/openclaw/ga4-token.json as sensitive, avoid using this on shared machines, review the ~/.bashrc or ~/.zshrc change, and delete the files or revoke the OAuth grant when you no longer need access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (87% confidence)
Finding
The skill describes copying an OAuth client secret and creating a reusable token file under ~/.config without an explicit warning that sensitive credentials will be stored locally. Users may unknowingly leave long-lived tokens or client secrets on disk, which increases exposure if the host is shared, backed up insecurely, or later compromised.

Missing User Warnings

Medium (94% confidence)
Finding
The script silently copies a sensitive OAuth client secret file into a persistent location under ~/.config/openclaw without warning, consent, or permission hardening. While the file is user-supplied and local, persistent storage of credentials increases the chance of accidental exposure through backups, misconfigured permissions, or later compromise of the account.

Missing User Warnings

Medium (91% confidence)
Finding
The script modifies the user's shell startup file to persist GA4_PROPERTY_ID without prior notice or confirmation. The value is not itself a secret, but silently editing shell initialization files is risky because it creates durable side effects, may overwrite user-managed configuration, and can be abused as a persistence mechanism pattern in less trustworthy skills.

VirusTotal

66/66 vendors flagged this skill as clean.