Is chloepark85/plausible-analytics safe?

https://github.com/openclaw/skills/tree/main/skills/chloepark85/plausible-analytics

89
SAFE

The plausible-analytics skill appears to be a straightforward wrapper around the Plausible Analytics API with clean documentation and no prompt injection attempts. Installation monitoring detected no malicious behavior, and all canary files remained intact. The primary limitation is that the three .mjs script files were not captured in the evidence for static analysis, though runtime monitoring provides reasonable assurance of safety.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

MEDIUM Script source code not available for static analysis -15

The three core .mjs scripts (stats.mjs, realtime.mjs, breakdown.mjs) are listed in the file inventory but their source code was not captured in the evidence dump. This prevents full static analysis of what these scripts execute. Runtime monitoring showed no malicious behavior, but static verification would provide stronger assurance.

LOW API key passed to external service without verifiable endpoint validation -10

The skill uses PLAUSIBLE_API_KEY to authenticate with the Plausible Analytics API. Without the script source, we cannot statically verify that the key is only sent to the legitimate Plausible API endpoint (plausible.io). However, network monitoring during the sandbox run showed no connections to analytics endpoints at all (scripts were not invoked during install), and no suspicious outbound traffic was detected.

LOW Environment variable PLAUSIBLE_SITE_ID could leak site identity -5

The optional PLAUSIBLE_SITE_ID environment variable identifies the user's website. While this is expected functionality, if the scripts were compromised, this value combined with the API key could be used to access or leak analytics data.

INFO Skill instructs agent to execute node scripts -5

The SKILL.md documentation instructs the agent to run node commands (e.g., 'node scripts/stats.mjs'). This is the intended and expected behavior for an analytics skill, and the commands are well-scoped with clear parameters. No evidence of instruction override or privilege escalation.

INFO Clean installation with no anomalous behavior -5

Installation consisted of a standard git clone from GitHub. No post-install scripts executed, no unexpected network connections, no filesystem modifications outside expected paths. All auditd-logged processes were from the monitoring framework and normal Ubuntu VM services.