home / skills / phrazzld / claude-config / check-posthog
This skill audits PostHog integration for SDK setup, privacy, flags, and data quality, delivering structured findings and actionable remediation steps.
npx playbooks add skill phrazzld/claude-config --skill check-posthogReview the files below or copy the command above to add this skill to your agents.
---
name: check-posthog
description: |
Audit PostHog integration: SDK setup, event tracking, privacy settings,
feature flags, and data quality. Outputs structured findings.
Use log-posthog-issues to create issues. Use fix-posthog to fix.
Invoke for: analytics audit, event tracking review, PostHog health check.
effort: high
---
# /check-posthog
Audit PostHog integration. Output findings as structured report.
## What This Does
1. Check SDK configuration
2. Check event tracking health
3. Check privacy compliance
4. Check feature flags
5. Check reverse proxy setup
6. Output prioritized findings (P0-P3)
**This is a primitive.** It only investigates and reports. Use `/log-posthog-issues` to create GitHub issues or `/fix-posthog` to fix.
## Process
### 1. Environment Check
```bash
~/.claude/skills/posthog/scripts/detect-environment.sh 2>/dev/null || echo "Script not found"
```
### 2. SDK Configuration Check
```bash
# posthog-js installed?
grep -q '"posthog-js"' package.json && echo "✓ posthog-js installed" || echo "✗ posthog-js not installed"
# Environment variables?
grep -qE "POSTHOG|NEXT_PUBLIC_POSTHOG" .env.local 2>/dev/null && \
echo "✓ PostHog env vars configured" || echo "✗ PostHog env vars missing"
# Provider exists?
find . -type f \( -name "*.ts" -o -name "*.tsx" \) -not -path "./node_modules/*" \
-exec grep -l "PostHogProvider\|initPostHog" {} \; 2>/dev/null | head -3
```
### 3. Privacy Settings Check
```bash
# Privacy masking configured?
grep -rE "mask_all_text|maskAllInputs" --include="*.ts" --include="*.tsx" \
-not -path "node_modules/*" . 2>/dev/null | head -3
# Check for PII in identify calls
grep -rE "posthog.identify.*email|posthog.identify.*name" --include="*.ts" --include="*.tsx" \
-not -path "node_modules/*" . 2>/dev/null && echo "⚠ PII found in identify calls" || echo "✓ No PII in identify"
```
### 4. Reverse Proxy Check
```bash
# Check next.config for PostHog rewrite
CONFIG=$(ls next.config.* 2>/dev/null | head -1)
if [ -n "$CONFIG" ]; then
grep -q "ingest.*posthog\|posthog.*ingest" "$CONFIG" 2>/dev/null && \
echo "✓ Reverse proxy configured" || echo "⚠ No reverse proxy (ad blockers will block events)"
fi
```
### 5. Event Quality Check (via MCP)
Use PostHog MCP tools:
```
mcp__posthog__event-definitions-list — Check tracked events
mcp__posthog__query-run — Verify events flowing (last 24h)
mcp__posthog__list-errors — Check for errors
```
### 6. Feature Flags Check (via MCP)
```
mcp__posthog__feature-flag-get-all — List all flags
```
Look for:
- Stale flags (not evaluated in 30+ days)
- Flags with 0% or 100% rollout (should be archived)
- Flags without descriptions
## Output Format
```markdown
## PostHog Audit
### P0: Critical (Not Working)
- SDK not initialized - No events being tracked
- API key missing - Events rejected
### P1: Essential (Must Fix)
- No reverse proxy - Events blocked by ad blockers
- Privacy masking missing - May leak PII
- PII in identify() calls - GDPR violation risk
### P2: Important (Should Fix)
- No standard events defined - Inconsistent tracking
- No feature flags in use - Missing experimentation capability
- Debug mode in production - Performance impact
### P3: Nice to Have
- Consider server-side tracking
- Add session recording
- Set up error tracking integration
## Current Status
- SDK: Installed but misconfigured
- Events: Flowing but limited
- Privacy: Partial compliance
- Feature Flags: Not in use
## Summary
- P0: 0 | P1: 2 | P2: 1 | P3: 2
- Recommendation: Add reverse proxy and privacy masking
```
## Priority Mapping
| Gap | Priority |
|-----|----------|
| SDK not initialized | P0 |
| API key missing/invalid | P0 |
| Events not flowing | P0 |
| No reverse proxy | P1 |
| Privacy masking missing | P1 |
| PII in identify() | P1 |
| No standard events | P2 |
| Debug mode in prod | P2 |
| Stale feature flags | P2 |
| No server-side tracking | P3 |
| No session recording | P3 |
## Related
- `/log-posthog-issues` - Create GitHub issues from findings
- `/fix-posthog` - Fix PostHog integration gaps
- `/posthog` - Full PostHog lifecycle workflow
This skill audits a PostHog integration and produces a prioritized, structured findings report. It inspects SDK setup, event delivery, privacy controls, feature flags, and reverse proxy configuration. Findings are categorized P0–P3 and include concise remediation recommendations. Use linked primitives to log or fix issues automatically.
The skill runs a sequence of checks across the codebase and runtime: it detects SDK installation and initialization, scans for environment variables and provider components, and verifies reverse proxy rewrites. It searches code for privacy masking settings and PII usage in identify calls, queries PostHog via MCP tools to validate event definitions and recent traffic, and lists feature flags to flag stale or misconfigured flags. Results are aggregated into a prioritized report with summary counts and actionable items.
Can this skill fix issues automatically?
No. This skill only investigates and reports. Use the provided fix-posthog primitive to apply fixes.
How are priorities assigned?
Findings map to P0–P3 by impact: P0 blocks analytics (no events/API key issues), P1 covers essential gaps (privacy, reverse proxy), P2 covers important improvements, and P3 is optional enhancements.