What is the recommended approach for environment management?

The skill suggests a tiered scope strategy: read-only for development, limited write for staging, and strictly required minimal scopes for production environments.

Can I use this for production PostHog deployments?

Yes, it includes production-ready patterns such as scoped service account keys, secret rotation workflows, and comprehensive audit logging.

Does this skill include code for webhook security?

Yes, it provides a TypeScript implementation for verifying PostHog webhook signatures using HMAC SHA-256 and timing-safe equality checks.

How does this skill help prevent leaked PostHog API keys?

It provides standardized instructions for configuring environment variables and .gitignore files to ensure sensitive PostHog credentials are never accidentally committed to version control.

PostHog Security Basics

Name: PostHog Security Basics
Author: jeremylongshore

byjeremylongshore

•

1,449

•

Security & Testing

Implements security best practices for PostHog API keys, secret management, and access control levels.

This skill equips Claude with specialized knowledge to secure PostHog implementations by enforcing secret management patterns, configuring environment-specific access levels, and establishing audit logging. It helps developers prevent security vulnerabilities like exposed API keys or over-privileged tokens by providing structured workflows for secret rotation, webhook signature verification, and least privilege configuration, ensuring your product analytics data remains protected and compliant.

Key Features

01Automated audit logging for PostHog API interactions and events

02Step-by-step PostHog secret rotation and revocation workflows

03Cryptographic webhook signature verification patterns

04Environment-specific access control with least privilege scopes

05Secure API key and secret environment variable configuration

061,449 GitHub stars

Use Cases

01Auditing existing PostHog configurations for security vulnerabilities

02Implementing secure webhook handlers for incoming PostHog events

03Setting up new PostHog projects with tiered development and production permissions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills posthog-security-basics

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Automated audit logging for PostHog API interactions and events

02Step-by-step PostHog secret rotation and revocation workflows

03Cryptographic webhook signature verification patterns

04Environment-specific access control with least privilege scopes

05Secure API key and secret environment variable configuration

061,449 GitHub stars

Use Cases

01Auditing existing PostHog configurations for security vulnerabilities

02Implementing secure webhook handlers for incoming PostHog events

03Setting up new PostHog projects with tiered development and production permissions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills posthog-security-basics

For use in Claude.ai and ChatGPT

Download Skill