ClawHub
Back to skill
v1.0.0

Performance Tester

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

The skill is a coherent roadmap-generation API with no code, install steps, credentials, or local access, but it may send career assessment details and identifiers to a service with limited provenance metadata.

GuidanceThis appears safe for normal use as a learning-roadmap generator. Before installing, confirm you are comfortable sharing career assessment details with this service, and avoid including confidential project, employer, or personal information that is not needed for the roadmap.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata provides limited provenance for the skill or backing service. There is no install code or dependency risk shown, so this is a transparency notice rather than a security concern.

User impactThere is less public information available to independently verify the publisher or service before sharing assessment data.
RecommendationVerify that you trust the publisher or deployment context before submitting identifiable or sensitive information.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
openapi.json
"/api/performance/roadmap" ... "RoadmapRequest" ... "assessmentData" ... "sessionId" ... "userId"

The API schema shows that roadmap generation may submit assessment details along with session and optional user identifiers. This is purpose-aligned for personalization, but users should recognize that these details may be shared with the service.

User impactYour career goals, skills, experience, session ID, and optional user ID may be included in a roadmap request.
RecommendationOnly provide the assessment details needed for the roadmap, and avoid adding sensitive personal or employer-confidential information.