GA4 Analytics Toolkit
Review
Audited by ClawScan on May 10, 2026.
Overview
The toolkit mostly matches its analytics purpose, but it includes high-impact Google indexing actions and local file storage helpers that are not tightly bounded.
Install only if you trust the publisher and need Google Analytics/Search Console automation. Use a dedicated least-privilege Google service account, avoid granting Indexing API rights unless required, require confirmation before any reindexing or URL removal, and keep the local results directory private.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: If invoked incorrectly, the agent could request indexing changes that affect search visibility for URLs tied to the service account.
Details: The skill includes a function that can request URL deletion from Google's index using a caller-supplied URL, with no visible domain check or explicit confirmation guard in the function.
Evidence:
```js
export async function removeFromIndex(url, options = {}) { ... requestBody: { url, type: 'URL_DELETED' }
```
Recommendation: Require explicit user confirmation for every indexing mutation, validate URLs against SEARCH_CONSOLE_SITE_URL, and consider disabling or removing URL deletion unless the user specifically needs it.
Finding 2
Impact: A mistaken or adversarial call could cause the agent to read JSON files outside the intended results folder or write generated result files into unexpected local directories.
Details: The storage helper accepts caller-controlled category and filepath values without showing path normalization or containment to the results directory, creating path traversal or unintended local JSON read/write risk.
Evidence:
```js
const categoryDir = join(settings.resultsDir, category);
...
writeFileSync(filepath, JSON.stringify(result, null, 2), 'utf-8');
...
export function loadResult(filepath) { ... readFileSync(filepath, 'utf-8'); }
```
Recommendation: Constrain reads and writes to the configured results directory, reject absolute paths and '..' segments, and expose only scoped result-loading functions to the agent.
Finding 3
Impact: Anyone who can use the configured environment may be able to access the Google properties and indexing APIs available to that service account.
Details: The skill asks users to provide a Google service account private key. This is expected for GA4/Search Console/Indexing access, but it is sensitive authority and registry metadata does not declare a primary credential.
Evidence:
```bash
GA4_CLIENT_EMAIL=service-account@project.iam.gserviceaccount.com
GA4_PRIVATE_KEY="<your-service-account-private-key>"
```
Recommendation: Use a dedicated least-privilege service account, grant only the required properties and APIs, rotate the key if exposed, and avoid enabling Indexing API permissions unless needed.
Finding 4
Impact: Saved result files may contain sensitive business analytics and can be reused or exposed later if the project directory is shared or committed.
Details: The skill intentionally persists retrieved analytics, Search Console, revenue, demographic, and realtime data to local files for later summaries.
Evidence: "All results automatically save as timestamped JSON files to `results/{category}/`."
Recommendation: Keep the results directory private, add it to .gitignore if appropriate, and delete or redact old result files when they are no longer needed.
Finding 5
Impact: Installing dependencies from an unknown-source skill can run package lifecycle behavior or introduce vulnerable packages.
Details: The skill is described as instruction-only in the install metadata, but its setup asks users to install Node dependencies. This is disclosed and user-directed, but dependency provenance should be reviewed.
Evidence: Install dependencies:
```bash
cd scripts && npm install
```
Recommendation: Review scripts/package.json and scripts/package-lock.json before installing, use a clean workspace, and avoid running the setup with elevated privileges.
