Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Perf Profiler

v1.0.0

Linux system performance analysis using perf-prof for real-time event processing and profiling CPU, memory, IO, scheduling, virtualization, and custom scripts.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (perf-prof Linux performance analysis) matches the SKILL.md and the many profiler reference documents. There are no unrelated environment variables or surprising external services requested. One small metadata inconsistency: registry metadata lists Source: unknown / Homepage: none, while SKILL.md points to a GitHub repo (https://github.com/OpenCloudOS/perf-prof.git). The GitHub URL in the instructions aligns with the stated purpose, but the registry record not listing the source is a minor discrepancy to verify.
Instruction Scope
The instructions correctly cover installing (git clone, build) and running perf-prof and reference many operations expected for a low-level profiler: reading /proc, writing to /sys/kernel/debug/tracing (kprobe/uprobe events), adding probes, using perf-prof to sample events, and reading symbol maps. These actions inherently require elevated privileges and can modify kernel tracing state. The expression language documented (expr.md) exposes a built-in system(...) function which permits executing formatted shell commands from expressions — this is a powerful capability and, if combined with untrusted inputs, can execute arbitrary commands. All of these behaviours are consistent with the tool's purpose but are high-impact and must be run with caution and user consent.
Install Mechanism
This is an instruction-only skill (no automated install spec). The SKILL.md suggests cloning and building from a GitHub repo (https://github.com/OpenCloudOS/perf-prof.git) and installing system packages via yum. That is proportionate to compiling a system profiler, but the skill will instruct the user to fetch and run code from a remote repository and install OS packages—verify the repository and its integrity before building. There is no package checksum or release host verification provided.
Credentials
The skill requests no environment variables, which is expected. However, the runtime instructions routinely require root privileges (installing packages, writing to /sys/kernel/debug/tracing, reading /proc/kcore, adding kprobes/uprobes, and reading other processes' maps). Those privileges are appropriate for a system profiler but are sensitive. Additionally, the documented expression builtin system(...) allows executing shell commands from inside perf-prof expressions — this can run arbitrary commands if expressions come from untrusted sources. Treat these privilege needs as intentional but high-risk and verify you trust both the user inputs and the perf-prof binary/source before granting them.
Persistence & Privilege
The skill is not always-enabled, has no install-time persistence spec, and is instruction-only. It does not request system configuration changes beyond the actions the user would perform at runtime. The skill can be invoked autonomously by the agent by default (disable-model-invocation is false), which is normal for the platform; combine that with the high-privilege operations above only if you trust the skill and the agent's autonomy.
Assessment
This skill is a documentation-driven workflow for a low-level Linux profiler and is internally coherent with that purpose. Before using it, verify the upstream source (the SKILL.md references https://github.com/OpenCloudOS/perf-prof.git) and inspect the repository you will clone. Understand that most useful profiling commands require root: the skill instructs writing to /sys/kernel/debug/tracing, adding kprobes/uprobes, reading other processes' maps, and (in some workflows) reading kernel memory (/proc/kcore). These are powerful operations that can affect system behavior and expose sensitive memory. Also note the documented expression builtin system(...) can execute arbitrary shell commands if expressions are accepted from untrusted inputs — avoid feeding untrusted expressions or run profiling in an isolated/test environment. If you plan to proceed on production hosts: (1) review the GitHub source code and commits, (2) build from a verified release or checksum, (3) run initially on a non-production machine or in a VM/container, and (4) explicitly confirm any root actions with an administrator before executing them.
