performance-tester
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ah-performance-tester Version: 1.0.0 The performance-tester skill bundle provides a comprehensive set of tools and documentation for load testing, stress testing, and system monitoring. The included code examples in references/examples.md (K6, JMeter, Python, and Bash) are standard implementations for performance engineering, such as using psutil for resource tracking and subprocess for executing test runners. While the bundle includes capabilities for system interaction and network requests, these are strictly aligned with the stated purpose, and no evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If adapted or run against a production or unauthorized target, these tests could create unwanted orders, alter application data, or degrade service availability.
The example can drive a large spike load and perform state-changing checkout requests against a configurable target application.
spike_test ... { duration: '10s', target: 1400 } ... http.post(`${BASE_URL}/api/checkout`, JSON.stringify(checkoutData), { headers })Run load tests only against systems you control or have explicit permission to test, use staging/sandbox environments, and add safeguards for checkout or other state-changing flows.
Users who copy the pattern with real credentials could expose or misuse accounts during performance testing.
The example demonstrates logging in with credentials and reusing a bearer token during the test; the shown password appears synthetic, but credential handling is still present.
const token = authenticate(BASE_URL, { email: `user${__VU}@example.com`, password: 'password123' }); ... return loginResponse.json('token');Use dedicated test accounts, keep real credentials out of scripts, prefer environment variables or secret managers, and ensure tokens are not logged or shared.