PostHog
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a legitimate PostHog helper, but it grants broad PostHog API authority and exposes account-changing actions without clear registry declarations or confirmation safeguards.
Install only if you want the agent to operate on your PostHog project. Use least-privilege API keys, set POSTHOG_HOST only to a trusted PostHog/self-hosted domain, and require explicit review before any create, update, delete, capture, or broad HogQL query.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If given a broadly scoped key, the agent could read private analytics/person data and modify PostHog resources allowed by that key.
The skill asks for a personal PostHog API key and describes broad private API authority. This is purpose-aligned, but high-impact and under-declared relative to the supplied registry metadata, which lists no primary credential or required env vars.
POSTHOG_API_KEY (required): Personal API key ... Private (personal API key): query, CRUD for all resources
Use a least-privilege PostHog key scoped only to the actions you need, and avoid giving a full personal/admin token unless necessary.
A mistaken or over-eager agent action could change or delete a PostHog feature flag and affect users of the connected product.
The helper can create, update, and delete feature flags using the bearer token. Feature flags can affect production behavior, and the artifacts do not show confirmation prompts, dry-run mode, rollback guidance, or other safeguards for destructive/account-changing commands.
create-flag) ... _post -d @- ... update-flag) ... _patch -d @- ... delete-flag) ... _del "$HOST/api/projects/$PROJECT/feature_flags/$1/"
Require explicit user confirmation before write/delete commands, prefer read-only keys for analysis tasks, and add clear rollback or review steps for feature flag changes.
Users may not see the required tools and credential needs from the registry metadata alone.
The registry metadata lacks provenance and does not declare the helper's practical dependencies or credentials, even though the included artifacts document API keys and a Bash/curl/jq helper. No hidden download or remote installer is shown.
Source: unknown; Homepage: none; Required binaries: none; Env var declarations: none; Primary credential: none
Publish a source/homepage and declare the required environment variables, credential type, and helper dependencies in the registry metadata.