lmeterx-web-loadtest

The skill bundle provides a web load testing tool that interacts with the LMeterX platform (https://lmeterx.openxlab.org.cn). It is classified as suspicious due to a critical security vulnerability in scripts/run.py, which disables SSL certificate verification (verify=False), making the agent susceptible to man-in-the-middle attacks. Furthermore, the SKILL.md instructions are overly aggressive, mandating that the agent automatically initiate a full load testing workflow—including task creation—whenever a user mentions a URL, which could lead to unintended or unauthorized load testing of third-party websites. The script also utilizes a hardcoded default authentication token ('lmeterx').