ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Performance Engineering System

v1.0.0

Complete performance engineering system — profiling, optimization, load testing, capacity planning, and performance culture. Use when diagnosing slow applica...

0· 433·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: profiling, load testing, capacity planning and remediation guidance across Node.js, Python, Go, and Java. Required artifacts (none) are appropriate for an instruction-only methodology skill.
Instruction Scope
SKILL.md contains concrete profiling and load-testing commands, diagnostics, and checklists that stay within performance-engineering scope. Note: many examples invoke tools (npx, pip, go tool, k6, async-profiler) and attach to local PIDs or localhost endpoints; those are expected for this domain but can be disruptive if run against production or without reviewing.
Install Mechanism
No install spec and no code files — instruction-only. Examples expect use of package managers (npx, pip) or downloading official tools (async-profiler), which is proportional to profiling tasks. There are no opaque download URLs or archive extracts in the skill itself.
Credentials
The skill declares no environment variables, credentials, or config paths. The instructions reference local PIDs, localhost profiler endpoints, and common developer tools only, which is proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent or elevated agent privileges or modify other skills. Autonomous invocation is permitted by platform default but the skill does not request special persistence.
Assessment
This skill is a methodology and set of commands for performance engineering and appears coherent. Before running anything the agent suggests: (1) Review commands that attach profilers or run load tests and only run them against permitted/staging systems; (2) be aware npx/pip/go commands will fetch packages from public registries—prefer installing audited tooling from trusted sources; (3) avoid running heavy k6 or load tests against production without authorization; (4) verify any external links/tools (async-profiler, k6) come from official project pages; and (5) if you will let the agent invoke these actions automatically, restrict it or supervise the first runs to prevent accidental disruption.

Like a lobster shell, security has layers — review code before you run it.

benchmarkingvk97d2gys5yqe9c1mx9ppsbqh4n81tvghdevopsvk97d2gys5yqe9c1mx9ppsbqh4n81tvghlatestvk97d2gys5yqe9c1mx9ppsbqh4n81tvghload-testingvk97d2gys5yqe9c1mx9ppsbqh4n81tvghoptimizationvk97d2gys5yqe9c1mx9ppsbqh4n81tvghperformancevk97d2gys5yqe9c1mx9ppsbqh4n81tvghprofilingvk97d2gys5yqe9c1mx9ppsbqh4n81tvgh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSLinux · macOS · Windows

Comments