Heap Dump & Profiler
v1.0.1内存快照分析(v8 heap snapshot)+ 性能分析(perf_hooks)
⭐ 0· 60·0 current·0 all-time
byc32@amd5
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe heap snapshots and profiling; the included scripts implement exactly those features (v8.getHeapSnapshot, perf_hooks). There are no unrelated network calls or external service credentials requested.
Instruction Scope
SKILL.md instructs running the included scripts which is correct, but there are small mismatches: the README warns 'profiler output write to memory/perf/' while the code actually writes to ~/.openclaw/profiles/ and ~/.openclaw/heap-snapshots/. The scripts also read /proc/self/fd (Linux-only) and use internal Node APIs (process._getActiveHandles/_getActiveRequests) to collect diagnostics — these are diagnostic actions consistent with the stated purpose but they access low-level process state.
Install Mechanism
No install spec (instruction-only with bundled scripts). Nothing is downloaded or extracted from remote URLs; risk from install mechanism is low.
Credentials
The skill declares no required env vars or credentials and indeed needs none. It does rely on process.env.HOME to create ~/.openclaw/… directories; the skill did not declare those config paths in metadata, which is a minor inconsistency you should be aware of.
Persistence & Privilege
Skill is not always-enabled and is user-invocable only. It writes files under the user's HOME (heap snapshots, diagnostics, profile state/history) which is expected for a local diagnostic tool and does not change other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: generate V8 heap snapshots and record perf_hooks-based profiling locally. Before installing, note that: 1) it creates ~/.openclaw/heap-snapshots/ and ~/.openclaw/profiles/ and stores potentially large .heapsnapshot files—delete them after analysis; 2) it reads low-level process info (internal Node APIs and /proc/self/fd on Linux) to build diagnostics — expected for profiling but it does access process state; 3) SKILL.md and the code disagree about the output path (memory/perf/ vs ~/.openclaw/...), so confirm where files will land on your system; 4) there are no network calls or credential requests, so no outward exfiltration is apparent. If you run this on a production agent, consider running it in a controlled/dev environment first and inspect the files it creates.Like a lobster shell, security has layers — review code before you run it.
latestvk97dv5n8z2k2ffnjw4wpwwy7ph84tjrp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.