posthog

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

This Skill is functionally consistent with its stated purpose (full audit + remediation for PostHog). I found no evidence of embedded malware or obfuscated payloads. However, the skill requests and automates high-impact actions (setting production environment variables, deleting feature flags, and running codex exec --full-auto to modify code) and refers to executing local scripts under ~/.claude. These capabilities are disproportionate for an untrusted or fully automated agent without human review.

Recommendation: treat as sensitive — require interactive human approval, restrict automated code changes, and ensure secrets and MCP write/delete operations are gated. Do not grant these actions to an untrusted autonomous agent without safeguards.

LLM verification: The skill is largely aligned with its stated purpose of end-to-end PostHog lifecycle management. The core data flows and remediation patterns are consistent with production-grade instrumentation maintenance. However, the credential-reference anomaly and automation that can modify production configurations without explicit human approval raise security concerns. Recommend implementing explicit approval gates, redactable/log-sanitized outputs, and tightened secret handling (no secret printing, res

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 16, 2026, 01:39 PM
Package URL: pkg:socket/skills-sh/phrazzld%2Fclaude-config%2Fposthog%2F@f36fe9ffcede9d2d78631f215137f998895d94f6