Is ga4-analytics safe?

https://clawhub.ai/adamkristopher/ga4-analytics

28
DANGEROUS

This skill is an empty shell that provides zero GA4 analytics functionality while exhibiting highly suspicious install-time behavior. During installation, it accessed /etc/shadow (password hashes), enumerated /etc/passwd 15+ times, and systematically probed the entire PAM authentication stack and security configuration. The skill identity is mismatched (lock.json references 'academic-research-hub' instead of 'ga4-analytics'), and no source code is present despite extensive system file access. This pattern is consistent with credential/authentication reconnaissance staging.

Category Scores

Prompt Injection 40/100 · 30%
Data Exfiltration 15/100 · 25%
Code Execution 30/100 · 20%
Clone Behavior 10/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 5/100 · 5%

Findings (8)

CRITICAL /etc/shadow accessed during installation -45

The skill installation process read /etc/shadow, which contains hashed user passwords. There is no legitimate reason for any skill installation to access this file. This is a strong indicator of credential reconnaissance.

CRITICAL Extensive PAM authentication config probing -50

During installation, the process read multiple PAM (Pluggable Authentication Module) configuration files including gdm-autologin, common-auth, common-account, common-password, common-session, and the fallback 'other' config. This maps the entire authentication stack of the host system.

HIGH Repeated /etc/passwd enumeration -20

The /etc/passwd file was read over 15 times during installation. While individual reads can be normal for user ID resolution, this volume suggests systematic user enumeration rather than incidental access.

HIGH Security limits and login configuration probed -20

The process read /etc/security/limits.conf, limits.d/ contents, /etc/login.defs (multiple times), and /etc/security/pam_env.conf. These files define security boundaries, resource limits, and login policies — useful for understanding what exploits are viable on this system.

HIGH Empty SKILL.md with identity mismatch -60

The SKILL.md is completely empty (no content), yet the skill claims to be a GA4 analytics tool. The lock.json references 'academic-research-hub' instead of 'ga4-analytics', indicating the skill's identity does not match its claimed purpose. This is either a deceptive shell or a misconfigured/repackaged skill.

HIGH Invisible execution with no source code -70

The skill contains only a lock.json file and no visible source code, yet its installation generated extensive access to sensitive system files. The execution mechanism is not visible in the repository contents, suggesting either transient code execution or exploitation of the install process itself.

MEDIUM Environment and locale probing -10

The process read /etc/environment, /etc/locale.conf, and /etc/locale.alias during installation. While less sensitive than auth files, this contributes to a system fingerprinting profile.

INFO Canary files not accessed 0

Honeypot files (.env, SSH keys, AWS credentials) were not accessed or modified. The reconnaissance focused on system-level auth configuration rather than user-level secret files.