Back to skill

Security audit

PostHog

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate PostHog API helper, but it gives an agent broad access to analytics data and production-affecting changes without enough safety guardrails.

Install only if you intend to let the agent operate on a PostHog project. Use a least-privilege API key, avoid admin/write scopes unless needed, keep PostHog secrets out of logs and chat, confirm every create/update/delete or broad HogQL query manually, and treat person-level analytics and session recordings as sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill explicitly supports querying persons, session recordings, events, and feature flags, which can expose sensitive analytics and user-linked data, yet it provides no privacy warning or guidance on safe handling. In practice, this increases the risk of over-collection, accidental disclosure, or querying personal data without adequate user awareness or approval.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
This reference documents multiple destructive private endpoints, including DELETE operations and bulk deletion of persons, but provides no warnings, guardrails, or confirmation requirements. In an agent skill context, that omission increases the chance an automated system or user will invoke irreversible operations against production analytics data without understanding the consequences.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file instructs use of personal API keys and references access to persons and query capabilities without any credential-handling, privacy, or data-minimization guidance. In this skill context, those endpoints can expose sensitive user data and broad project access, so missing warnings makes accidental secret leakage or over-collection more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.