Oathe Security Badge

Is jeftekhari/check-analytics safe?

https://clawhub.ai/jeftekhari/check-analytics

96
SAFE

This is a legitimate Google Analytics auditing skill that helps users identify issues and optimization opportunities in their analytics implementation. The skill content is purely instructional with no executable code or malicious behavior detected. It even implements security best practices by redacting sensitive measurement IDs.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO Normal installation network activity -5

Network connections to clawhub.ai during skill installation are expected and legitimate for downloading skill content.

INFO Measurement ID redaction implemented -5

The skill proactively implements security best practices by instructing redaction of measurement IDs (G-XXXX******) to prevent exposure of sensitive analytics identifiers.

LOW Codebase analysis scope -5

The skill will search through project files to identify analytics implementations, which is necessary for its stated purpose but could reveal project structure information.