Websocket Tester
PassAudited by VirusTotal on May 2, 2026.
Overview
Type: OpenClaw Skill Name: websocket-tester Version: 1.0.0 The websocket-tester skill provides standard utilities and Python scripts for debugging and performance testing WebSocket endpoints. It includes functionality for connection testing, message validation, and basic load testing using the `websockets` library and tools like `wscat`. The code in SKILL.md is transparent, uses expected environment variables ($HOST, $TOKEN), and lacks any indicators of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could unintentionally stress or disrupt a production or third-party WebSocket service.
The skill intentionally supports concurrent WebSocket load testing. This is purpose-aligned, but it can generate significant traffic if used with high parameters or against systems the user does not control.
description: ... load test concurrent connections ... async def load_test(url, num_connections, duration_sec, messages_per_sec):
Run load tests only against systems you own or have permission to test, use conservative limits, and confirm the target, connection count, duration, and message rate before running.
The user's environment may execute an externally sourced CLI package when following the example.
The example uses npx, which may download and execute the wscat package if it is not already installed. This is a common, purpose-aligned setup pattern, but the package version is not pinned in the artifact.
npx wscat -c "wss://$HOST/ws"
Prefer installing a trusted, pinned version of the WebSocket testing tool, or review the package source before using npx.
If a broad or sensitive token is used, the test connection may have access to protected account or application data.
The skill includes an authenticated WebSocket connection example using a bearer token. This is expected for testing authenticated endpoints, but it involves delegated account access.
extra_headers={'Authorization': f'Bearer {TOKEN}'}Use a test account or narrowly scoped token, avoid pasting secrets into shared chats, and do not log or publish token-bearing requests.