ClawHub

OpenClaw Performance

v1.1.0

Performance analysis and optimization. Profiles code execution, identifies bottlenecks, and suggests optimizations.

0· 55·0 current·0 all-time
by@michealxie001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (performance analysis, profiling, bottleneck detection) align with the provided SKILL.md and the included scripts/main.py analyzer. The skill requires no external credentials, binaries, or installs — which is appropriate for a local static/dynamic analysis tool.
Instruction Scope
SKILL.md instructs the agent/user to run the included script against local source files and to use cProfile/kernprof for profiling. Reading and analyzing repo files is expected for this purpose. There are no instructions to transmit data externally or to read unrelated system configuration. Note: profiling suggestions require running target code — running untrusted code is a security risk (this is a user operational risk rather than a misbehavior of the skill).
Install Mechanism
No install spec; instruction-only plus included scripts. Nothing is downloaded or extracted from remote URLs. This minimizes supply-chain risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md and code do not appear to access environment secrets. This is proportionate to the claimed functionality.
Persistence & Privilege
always is false and there's no request for persistent system modification or to change other skills' configs. The skill runs only when invoked.
Assessment
This skill appears to be what it says: a local performance analysis tool that reads your source files and prints suggestions. Before installing or running it: - Review scripts/main.py (and any additional shipped modules) for hidden network calls, subprocess.exec, or file writes. The provided snippet shows only AST/static checks, but review the remainder of the file. - Be careful when following the 'profile' advice: profiling runs your code (cProfile/kernprof). Do not profile untrusted code on a sensitive machine; run in an isolated environment or CI runner. - Note a couple of code-quality issues in the included script (undefined/possibly-missing variables and reliance on a local "c-support" path). Test the tool on a small repository first to confirm behavior. - If you expect C parsing support, check the origin and contents of any c-support modules before allowing them to be imported. Given the lack of external requests, secrets, or remote installs, the skill is coherent with its purpose. However, because the included script has some incomplete/buggy-looking code and imports local libraries conditionally, run it in a sandbox and inspect the full source before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bex2yteqzhgpqt56wz01bhd842e23

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments