安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only analytics auditor whose requested resources and instructions are consistent with its stated purpose and do not ask for unrelated credentials or installs.
评估建议
This skill is instruction-only and appears internally consistent for auditing analytics code. Before installing or running it: (1) be aware the audit requires reading your project files — run it against a non-sensitive or sanitized copy if you have private data; (2) the SKILL.md is high-level about where to search, so review the agent's reported file paths and results for false positives; (3) the skill does not request network exfiltration or credentials, but the agent runtime may have network a...详细分析 ▾
✓ 用途与能力
Name and description match the instructions: the SKILL.md describes searching a codebase for Google Analytics/GTM/third-party analytics patterns and producing an audit report. It does not request unrelated binaries, credentials, or config paths.
ℹ 指令范围
Instructions are scoped to locating analytics integrations and producing a report. They imply reading project files (searching for patterns like 'gtag', 'GTM-', etc.), which is appropriate for this audit task. The guidance is somewhat high-level (no exact file-glob commands or paths), so the agent will have discretion about how broadly to scan the repository; that is expected for an audit but worth noting.
✓ 安装机制
No install spec and no code files — instruction-only. Nothing will be downloaded or written by the skill itself.
✓ 凭证需求
The skill declares no environment variables, credentials, or config paths. The checks described (IDs, debug flags, async loading, consent mode, etc.) don't require secrets or external credentials, so no disproportionate access is requested.
✓ 持久化与权限
always is false and the skill is user-invocable. The skill does not request permanent presence or modify other skills or system settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/2/3
● 无害
安装命令 点击复制
官方npx clawhub@latest install check-analytics
镜像加速npx clawhub@latest install check-analytics --registry https://cn.clawhub-mirror.com
技能文档
You are auditing the Google Analytics implementation in this project.
Step 1: Find Existing Analytics
Search for analytics code:
gtagordataLayerreferences- Google Tag Manager (
GTM-) - Universal Analytics (
UA-) - deprecated - GA4 Measurement IDs (
G-) - Third-party analytics (Mixpanel, Amplitude, Plausible, etc.)
Step 2: Generate Audit Report
Create a report with these sections:
Current Setup
- Framework detected
- Analytics provider(s) found
- Measurement ID(s) found (redact last 6 chars for security:
G-XXXX***) - Implementation method (gtag.js, GTM, npm package)
Issues Found
Check for:
- Deprecated UA properties - Universal Analytics sunset July 2024
- Missing pageview tracking for SPAs
- Hardcoded Measurement IDs (should use env vars)
- Missing TypeScript types for gtag
- No consent mode implementation
- Debug mode in production (check for
debug_mode: true) - Duplicate script loading
- Missing error boundaries around analytics code
- Blocking script loading (should be async)
- No fallback for ad-blocker scenarios
Recommendations
Provide actionable fixes ranked by priority:
- 🔴 Critical (breaking/deprecated)
- 🟡 Warning (best practice violations)
- 🟢 Suggestion (optimizations)
Event Coverage Analysis
List custom events being tracked and suggest missing ones:
- Sign up / Login events
- Purchase/conversion events
- Form submissions
- Error tracking
- Key user interactions
Output Format
# Analytics Audit ReportSummary
- Status: [Healthy / Needs Attention / Critical Issues]
- Provider: [GA4 / GTM / Other]
- Framework*: [detected framework]
Current Implementation
[describe what was found]Issues
🔴 Critical
[list critical issues]🟡 Warnings
[list warnings]🟢 Suggestions
[list suggestions]Event Coverage
Event Type Status Recommendation Page Views ✅ - Sign Up ❌ Add sign_up event ... ... ...
Next Steps
- [ordered action items]
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制