posthog
Enables PostHog analytics integration for Next.js apps, facilitating event tracking, A/B testing, and detailed reporting.
Install this skill
or
88/100
Security score
The posthog skill was audited on Feb 12, 2026 and we found 12 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
low line 141
Webhook reference - potential data exfiltration
SourceSKILL.md
| 141 | ├── API route / webhook → Server (posthog-node) |
low line 32
Access to .env file
SourceSKILL.md
| 32 | # .env.local |
low line 83
Access to .env file
SourceSKILL.md
| 83 | posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY!, { |
low line 108
Access to .env file
SourceSKILL.md
| 108 | posthogClient = new PostHog(process.env.NEXT_PUBLIC_POSTHOG_KEY!, { |
low line 109
Access to .env file
SourceSKILL.md
| 109 | host: process.env.NEXT_PUBLIC_POSTHOG_HOST || 'https://us.i.posthog.com', |
low line 34
External URL reference
SourceSKILL.md
| 34 | NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com |
low line 49
External URL reference
SourceSKILL.md
| 49 | destination: "https://us-assets.i.posthog.com/static/:path*", |
low line 53
External URL reference
SourceSKILL.md
| 53 | destination: "https://us.i.posthog.com/:path*", |
low line 57
External URL reference
SourceSKILL.md
| 57 | destination: "https://us.i.posthog.com/decide", |
low line 67
External URL reference
SourceSKILL.md
| 67 | "connect-src 'self' ... https://*.posthog.com https://us.i.posthog.com https://us-assets.i.posthog.com", |
low line 86
External URL reference
SourceSKILL.md
| 86 | ui_host: 'https://us.i.posthog.com', |
low line 109
External URL reference
SourceSKILL.md
| 109 | host: process.env.NEXT_PUBLIC_POSTHOG_HOST || 'https://us.i.posthog.com', |
Scanned on Feb 12, 2026
View Security DashboardGitHub Stars 55
Rate this skill
Categorymarketing
UpdatedApril 5, 2026
apidatabasemarketing-analystproduct-marketergrowth-marketerdata-analystproduct-managergoogle-analyticsmarketingdata analyticsproduct
NeverSight/skills_feed