Millimetric Query
ReviewAudited by ClawScan on May 17, 2026.
Overview
This instruction-only skill uses a Millimetric read key to fetch analytics, including raw user-level events, and the sensitive access is disclosed and aligned with its purpose.
This skill appears safe for its stated read-only analytics purpose. Before installing, confirm you intend to let the agent query Millimetric, use a read-only rk_* key, keep MILLIMETRIC_HOST pointed at the official Millimetric API, and avoid requesting or sharing broader raw event data than necessary.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this key can read the analytics data allowed by the key.
The skill requires and uses a live Millimetric account credential to access analytics. This is disclosed and purpose-aligned, but it is still sensitive account access.
Uses an `rk_live_…` key (read scope). ... -H "Authorization: Bearer $MILLIMETRIC_RK"
Use only a read-scoped rk_* key, keep it out of logs and shared transcripts, and rotate it if it is exposed.
Queries may reveal private business analytics or user behavior data in the chat output.
The documented queries can bring raw, user-level analytics events into the agent's response context, including user_id and anonymous_id filters.
### Raw events ... Filters: `event`, `source`, `medium`, `country`, `user_id`, `anonymous_id`, `limit` (1–1000).
Ask for the narrowest needed date range, event type, and user filter; avoid pasting or storing raw event output where others can see it.