Performance Profiler

Security checks across malware telemetry and agentic risk

Overview

This is a coherent, instruction-only performance profiling guide. It contains normal but notable guidance to run profiling commands, install profiler tools, create profiling files, and load test APIs.

Safe to install as an instruction-only profiling reference, but review commands before running them, avoid testing third-party services without permission, use trusted package sources for optional profilers, and treat generated profile or heap files as sensitive.

VirusTotal

59/59 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

Running the wrong command could modify files, start services, or expose local application behavior.

Why it was flagged

The skill gives examples that execute user-selected local commands for timing and profiling, which is central to performance diagnosis but still runs code with the user's local privileges.

Skill content

time my-command --flag

Recommendation

Confirm each command and target program before running profiling examples, especially in production directories or with privileged shells.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing packages from public registries can add code to the local environment.

Why it was flagged

The guide includes optional installation of external profiling packages; this is expected for profiling but introduces normal third-party package provenance risk.

Skill content

pip install line_profiler

Recommendation

Install profiler dependencies from trusted package indexes, prefer pinned versions in project environments, and avoid installing globally unless necessary.

ASI02: Tool Misuse and Exploitation
Low
What this means

Excessive or unauthorized load tests could slow down or disrupt an API or violate service policies.

Why it was flagged

Load testing is part of the stated skill purpose, but it can generate significant traffic against an API if used without limits or on the wrong target.

Skill content

Load testing APIs before deployment

Recommendation

Only load test systems you own or are authorized to test, preferably in staging, and set explicit rate, duration, and concurrency limits.

ASI06: Memory and Context Poisoning
Low
What this means

Heap snapshots or profile files may reveal secrets, personal data, request payloads, or proprietary application internals if shared or left in unsafe locations.

Why it was flagged

The guide shows creating heap snapshots and profiling artifacts; these files can contain in-memory application data and may persist after the profiling task.

Skill content

const snapshotStream = v8.writeHeapSnapshot();

Recommendation

Store profiling outputs locally, restrict access, avoid uploading them to untrusted services, and delete or redact them after analysis.