Aiter Ck Gemm Tune
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: aiter-ck-gemm-tune Version: 0.1.0 The aiter-ck-gemm-tune skill bundle provides a comprehensive workflow for tuning AMD GPU kernels, but it is classified as suspicious due to its high-risk instructions. Specifically, SKILL.md directs the AI agent to request sensitive SSH and Docker credentials from the user and execute broad shell commands, including long-running background processes using 'nohup'. While these capabilities are plausibly required for the stated purpose of tuning kernels on remote GPU nodes, they represent significant security risks. The provided Python scripts (parse_untuned_shapes.py and compare_results.py) appear to be legitimate utility tools for log parsing and performance analysis, and the instructions emphasize transparency and user confirmation throughout the process.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A tuning job could continue running for a long time and consume local GPU resources.
The workflow explicitly includes background tuning jobs. This is disclosed and purpose-aligned, but such jobs may keep using GPU/CPU resources until they finish or are stopped.
For long-running background jobs (Step 3), redirect output to file directly (`> <log> 2>&1`).
Start long tuning runs only after user confirmation, run them in the intended container/repository, monitor the log file, and stop the process if it is no longer needed.
Users have less external context to verify where the skill came from or whether it matches an upstream AITER workflow.
The registry metadata does not provide an upstream source or homepage, which limits provenance context for users evaluating the workflow.
Source: unknown Homepage: none
Review the visible scripts and run the workflow only against a trusted AITER checkout and environment.