Sglang Amd Bench
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: sglang-amd-bench Version: 0.1.0 The sglang-amd-bench skill bundle is a well-structured toolset for benchmarking LLM serving performance on AMD GPUs. It includes functional Bash scripts (serve.sh, bench.sh) and Python utilities (wait_for_server.py, jsonl_to_csv.py) that align perfectly with the stated purpose. The SKILL.md instructions incorporate strong safety guardrails, such as 'Rule 1', which explicitly forbids the agent from modifying the user's environment (e.g., pip installs), and a mandatory confirmation gate before execution. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised model repository could run code on the machine or container used for benchmarking.
The benchmark server is intentionally launched with SGLang's remote/custom model-code trust flag. This is disclosed and relevant for serving some models, but it means custom model repository code may execute in the benchmark environment.
`MODEL_PATH` ... `Path to model weights or HuggingFace model ID` ... `--trust-remote-code`: Always added.
Use only trusted, pinned, or locally reviewed model repositories; prefer isolated containers/nodes; run DRY_RUN=1 first and remove the trust flag if it is not needed for the model.
Running the stop script in a shared container or host could interrupt other SGLang jobs, not just the benchmark started by this skill.
The cleanup script forcibly kills every process whose command line matches sglang in the current environment. This is a normal benchmark cleanup step, but it is broad within that environment.
ps -ef | grep -i sglang | grep -v grep | awk '{print $2}' | xargs -r kill -9Run benchmarks in a dedicated container or node, and check active jobs before using the stop script on shared systems.
The server can continue consuming GPU memory and serving on its configured port after the initial command returns.
The launcher can intentionally leave an SGLang server running in the background. This is disclosed and useful for benchmarking, but it is a persistent process until stopped.
if [[ "${BACKGROUND:-0}" == "1" ]]; then
nohup $CMD > "$LOG_FILE" 2>&1 &Track the log/PID, use the bundled stop and verify scripts after each run, and avoid background mode unless you need it.