Remove Analytics
v0.1.0Safely remove Google Analytics from a project. Cleans up all tracking code, dependencies, and environment variables.
⭐ 1· 1.7k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the SKILL.md focuses on finding and removing Google Analytics traces (gtag, dataLayer, googletagmanager scripts, related npm packages and env vars). The skill asks for nothing extraneous (no credentials, no system-wide paths).
Instruction Scope
Instructions are appropriately scoped to the stated goal but are destructive and pattern-based. Risks: naive pattern searches (e.g., any symbol containing 'GA_' or 'gtag') may remove unrelated code or variables; the skill tells the agent to run package uninstall commands and edit files including .env.example. The SKILL.md requires explicit user confirmation before acting, which mitigates accidental runs.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill itself, which minimizes supply-chain risk.
Credentials
The skill requests no environment variables or credentials. It only searches for environment-variable-looking names in project files and .env.example; this is proportional to removing analytics.
Persistence & Privilege
always is false and model invocation is disabled (disable-model-invocation: true), so the skill cannot run autonomously. It does instruct destructive file edits, but it does not request persistent presence or system-wide configuration changes.
Assessment
This skill appears to do what it says — find and remove Google Analytics traces — but it performs destructive, pattern-based edits to your repository. Before installing or running it: 1) ensure you have a current VCS commit or backup; run the skill in a feature branch or a clone; 2) require and verify the explicit confirmation prompt before applying changes; 3) review every proposed removal (files, import deletions, package uninstall commands) to avoid removing unrelated code that matches broad patterns like 'GA_' or 'gtag'; 4) remember .env.example is edited but .env (with real values) may need manual review — the skill notes this as a manual step; 5) after changes, run tests and inspect package-lock or yarn.lock for unintended dependency changes; 6) check for server-side analytics endpoints, consent handling, or other telemetry sources that pattern searches might miss. If you want extra safety, ask the skill to produce a dry-run report (list of matches and proposed edits) and create a PR rather than applying changes directly.Like a lobster shell, security has layers — review code before you run it.
latestvk9764rte6yzvz1tzsj2x8961f180cvm5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.