Perftest
PassAudited by ClawScan on May 1, 2026.
Overview
Perftest is a small, purpose-aligned HTTP benchmarking skill with minor dependency and argument-handling issues but no evidence of deception, credential access, exfiltration, or destructive behavior.
This skill appears safe for its stated purpose, but verify the target URL and file paths before running it, use it only on services you own or are authorized to test, and expect possible runtime issues until the curl dependency and argument handling are corrected.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Benchmark commands may not behave exactly as documented, and user-provided URLs or files are passed directly to local command-line tools.
The skill exposes shell utilities to user-provided URL and file arguments, and the command functions use $2/$3 after main has already shifted the subcommand. This is purpose-aligned, but it can cause failed commands or requests/file reads against an unintended argument.
http) shift; cmd_http "$@" ;; ... local url="${2:-}" ... curl -so /dev/null -w '%{time_total}' $2 ... cat $2 ... head -5 $2Use only explicit, trusted URLs and log files, and the maintainer should fix argument handling and quote file/URL variables.
The skill may fail at runtime on systems without curl even though installation metadata does not warn or check for it.
The skill discloses a curl dependency in its description, but the registry requirements do not declare curl as a required binary.
Description: Run HTTP performance tests ... Requires curl. ... Required binaries (all must exist): none
Declare curl as a required binary in the skill metadata so users and installers can validate the environment before use.