Skill Perf

Security checks across malware telemetry and agentic risk

Overview

This is a coherent performance-measurement skill, but it will actually run the target skill in subagents and read local OpenClaw session usage files to create reports.

This skill appears purpose-aligned for measuring OpenClaw skill token cost. Before installing, be aware that it performs real target-skill runs in subagents, consumes tokens, reads local OpenClaw session usage files, and saves localhost-viewable HTML reports. Use non-destructive test cases and do not share generated reports until you have checked them for sensitive details.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Measuring a skill can consume tokens, take time, and perform real actions if the tested skill controls devices, accounts, files, or services.

Why it was flagged

Benchmarking requires a real execution of the target skill in a child agent, so any side effects of the target skill may also occur during measurement.

Skill content
task: have the subagent **execute the skill under test in full, once**
Recommendation

Use safe test inputs, avoid benchmarking destructive workflows directly, and ask for confirmation before testing skills that can mutate data or affect external systems.

ASI05: Unexpected Code Execution
Low
What this means

Local code from the skill package will run on the user’s machine as part of normal operation.

Why it was flagged

The skill instructs the agent to run local shell and Python helper scripts to wait for sessions and generate the report.

Skill content
bash ~/.openclaw/skills/skill-perf/scripts/wait_and_report.sh
Recommendation

Install only if you are comfortable running the bundled helper scripts, and inspect them if you have strict local-execution requirements.

ASI06: Memory and Context Poisoning
Medium
What this means

The skill accesses local agent session records and stores derived reports, which may reveal usage metadata about recent agent runs.

Why it was flagged

The skill reads local OpenClaw session JSON/JSONL artifacts to extract token usage and generate benchmark reports.

Skill content
Take totalTokens from the `.jsonl` file and compute the net consumption
Recommendation

Review generated reports before sharing them and avoid running benchmarks that would cause sensitive task details to be included in local report artifacts.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less provenance information for verifying where the bundled scripts came from.

Why it was flagged

The registry metadata does not provide an upstream source or homepage for a skill that includes runnable helper scripts.

Skill content
Source: unknown; Homepage: none
Recommendation

Prefer installing from a trusted registry entry or verified source, and review the included scripts before relying on the reports.