performance-tester

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent performance-testing guide, but its examples can generate heavy traffic and perform authenticated, state-changing test actions, so they should only be used on authorized test environments.

This skill is reasonable for performance-testing assistance. Before installing or using it, confirm that any generated load tests target only approved staging or test systems, keep checkout/payment flows sandboxed, and replace example credentials with dedicated test credentials managed securely.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If adapted or run against a production or unauthorized target, these tests could create unwanted orders, alter application data, or degrade service availability.

Why it was flagged

The example can drive a large spike load and perform state-changing checkout requests against a configurable target application.

Skill content

spike_test ... { duration: '10s', target: 1400 } ... http.post(`${BASE_URL}/api/checkout`, JSON.stringify(checkoutData), { headers })

Recommendation

Run load tests only against systems you control or have explicit permission to test, use staging/sandbox environments, and add safeguards for checkout or other state-changing flows.

What this means

Users who copy the pattern with real credentials could expose or misuse accounts during performance testing.

Why it was flagged

The example demonstrates logging in with credentials and reusing a bearer token during the test; the shown password appears synthetic, but credential handling is still present.

Skill content

const token = authenticate(BASE_URL, { email: `user${__VU}@example.com`, password: 'password123' }); ... return loginResponse.json('token');

Recommendation

Use dedicated test accounts, keep real credentials out of scripts, prefer environment variables or secret managers, and ensure tokens are not logged or shared.