ClawHub

linux-performance-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Linux performance troubleshooting skill, but it includes powerful admin-level tuning examples that users should apply carefully.

Install only if you want Linux host performance guidance. Do not give the agent root access by default, and do not copy tuning snippets directly into production: record current values, test temporary changes first, use maintenance windows for persistent changes, and keep rollback steps. Treat snapshots, process lists, network details, kernel logs, and heap dumps as sensitive before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are very broad, including common troubleshooting requests such as system slowness, memory issues, kernel tuning, and command-output interpretation. In an agent platform, this can cause unintended or excessive activation, leading the skill to engage on routine conversations and potentially recommend intrusive diagnostics or tuning actions in contexts where the user did not explicitly request this skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section gives direct, privileged system-tuning commands that modify kernel and process behavior (for example sysctl, THP, and oom_score_adj) without any warning about rollback, persistence, workload-specific tradeoffs, or the risk of destabilizing production hosts. In a performance-analysis skill, users are especially likely to copy-paste such commands during incidents, which increases the chance of unintended service degradation or data-loss-adjacent outcomes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This section appends or writes critical network and limits configuration files and then applies them system-wide, without warning that incorrect values can break connectivity, exhaust resources, or affect unrelated services. Because these are one-shot commands touching /etc/sysctl.d and limits.conf, an operator could easily cause broad service disruption by copying them unchanged into the wrong environment.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document recommends kernel VM tuning and changing the block scheduler based on a single example, but does not warn that scheduler availability and optimal values depend on kernel version, device type, and workload. Applying these settings blindly can worsen latency, reduce throughput, or fail on unsupported systems, which is risky in an ops-focused skill where readers may assume the advice is generally safe.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The heap-dump instruction can capture credentials, tokens, PII, and other in-memory secrets, and may also consume substantial disk space on production systems, yet the document gives no warning about data sensitivity or storage impact. In a troubleshooting guide, users may run this during outages and then leave sensitive artifacts in insecure locations such as /tmp.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section contains direct system-modifying commands that change kernel scheduler parameters, CPU governor behavior, and create a persistent systemd service. Although the content is framed as performance tuning, it lacks a strong up-front warning that these changes can reduce responsiveness, increase power draw, destabilize workloads, or persist across reboots, making misuse by operators plausible.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This portion documents scheduling, affinity, NUMA, and interrupt-routing changes that can disrupt running services if applied incorrectly. Commands such as realtime scheduling, CPU pinning, disabling irqbalance, and writing IRQ affinity masks can starve processes, imbalance load, or degrade network handling, and the document does not consistently foreground these operational risks before the action steps.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This section provides commands that persistently modify I/O scheduler behavior via /sys and udev rules, affecting boot-time and runtime storage behavior without a prominent warning that these changes require root privileges and can degrade performance or stability on the wrong hardware. In a performance-tuning skill, such commands are contextually relevant, but recommending direct system configuration changes without an explicit risk banner makes accidental misuse more likely.

Missing User Warnings

High
Confidence
98% confidence
Finding
The document recommends high-risk mount options such as data=writeback and barrier=0, which can reduce integrity guarantees and increase the chance of corruption or data loss after crashes or power failures. Although these options are sometimes used in specialized environments, presenting them as optimization examples without a strong, prominent safety warning is dangerous in a broadly scoped admin skill.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This section writes persistent startup configuration to /etc/rc.local and includes a raw device read benchmark using dd against /dev/sda, both of which can affect system behavior or unintentionally stress production disks. The issue is not overtly malicious, but the lack of a clear warning about modifying system startup files and testing only on intended non-critical devices creates operational risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This document includes copy-pastable commands that create, overwrite, apply, and later delete system-wide sysctl configuration under /etc/sysctl.d, which can materially change kernel networking and memory behavior and requires elevated privileges. Although framed as performance tuning guidance, the template applies broad, aggressive settings without strong environment-specific warnings, rollback safeguards, or explicit privilege/production-risk cautions near the dangerous commands.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This section instructs users to modify swap configuration and persist changes in /etc/sysctl.d and /etc/fstab without an upfront warning that these are privileged, persistent system changes that can affect boot behavior, memory pressure, and service stability. In a performance-tuning skill, such commands are contextually relevant, but presenting them as direct copy-paste guidance increases the risk of accidental disruption.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guidance includes writing to /proc/sys/vm/drop_caches and tuning vm.min_free_kbytes/vfs_cache_pressure with only limited caution, even though these kernel memory controls can cause I/O spikes, cache loss, latency regressions, and application disruption. Because this skill targets live Linux performance troubleshooting, operators may run the commands on production hosts, making insufficient warnings materially risky.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This section provides commands that persistently modify kernel networking parameters via /etc/sysctl.d without a clear warning that they are system-wide, workload-dependent, and may degrade connectivity or stability if applied blindly. In an agent skill context, users may copy-paste these changes directly, increasing the risk of unsafe configuration changes on production hosts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The full example applies a broad, system-wide network tuning profile and immediately loads it, but does not warn about service disruption, incompatibilities, or the possibility that some settings can harm latency-sensitive, low-memory, NAT-heavy, or containerized environments. Because it bundles many kernel changes into a ready-to-run snippet, it materially increases the chance of unsafe deployment and difficult-to-diagnose outages.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script collects highly sensitive host telemetry including process lists, kernel logs, network state, routing, sysctl settings, OOM history, and storage details, then writes it to an arbitrary user-specified path without any warning, permission hardening, or redaction. In a troubleshooting skill this behavior is functional, but it still creates a real information-exposure risk because the resulting report may be stored in insecure locations, shared unintentionally, or read by other local users depending on filesystem permissions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal