Oathe Security Badge

Is codeninja23/native-google-analytics safe?

https://clawhub.ai/codeninja23/native-google-analytics

96/100 · SAFE

This Google Analytics skill is a legitimate API client for querying GA4 data with read-only access. The skill contains standard Python API client code and follows Google's recommended OAuth authentication patterns with appropriate read-only scope limitations.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Contains executable Python scripts -15

The skill includes two Python scripts (ga4_auth.py and ga4_query.py) that are executable. These are legitimate API client tools for Google Analytics authentication and querying, using standard OAuth flows and HTTPS API calls.

INFO Monitoring detected sensitive file access -5

System monitoring detected access to sensitive files (.env, SSH keys, AWS credentials) during the monitoring period. However, this occurred during system startup (09:27:29) rather than during skill installation, and appears unrelated to the skill itself.

INFO Requires OAuth credentials for Google APIs -5

The skill requires Google OAuth credentials (CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN) to function, but uses the read-only 'analytics.readonly' scope which limits access to viewing analytics data only.