Heap Dump & Profiler
v1.0.1内存快照分析(v8 heap snapshot)+ 性能分析(perf_hooks)
⭐ 0· 73·0 current·0 all-time
byc32@amd5
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe heap snapshots and profiling; the included scripts implement exactly those features (v8.getHeapSnapshot, perf_hooks). There are no unrelated network calls or external service credentials requested.
Instruction Scope
SKILL.md instructs running the included scripts which is correct, but there are small mismatches: the README warns 'profiler output write to memory/perf/' while the code actually writes to ~/.openclaw/profiles/ and ~/.openclaw/heap-snapshots/. The scripts also read /proc/self/fd (Linux-only) and use internal Node APIs (process._getActiveHandles/_getActiveRequests) to collect diagnostics — these are diagnostic actions consistent with the stated purpose but they access low-level process state.
Install Mechanism
No install spec (instruction-only with bundled scripts). Nothing is downloaded or extracted from remote URLs; risk from install mechanism is low.
Credentials
The skill declares no required env vars or credentials and indeed needs none. It does rely on process.env.HOME to create ~/.openclaw/… directories; the skill did not declare those config paths in metadata, which is a minor inconsistency you should be aware of.
Persistence & Privilege
Skill is not always-enabled and is user-invocable only. It writes files under the user's HOME (heap snapshots, diagnostics, profile state/history) which is expected for a local diagnostic tool and does not change other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: generate V8 heap snapshots and record perf_hooks-based profiling locally. Before installing, note that: 1) it creates ~/.openclaw/heap-snapshots/ and ~/.openclaw/profiles/ and stores potentially large .heapsnapshot files—delete them after analysis; 2) it reads low-level process info (internal Node APIs and /proc/self/fd on Linux) to build diagnostics — expected for profiling but it does access process state; 3) SKILL.md and the code disagree about the output path (memory/perf/ vs ~/.openclaw/...), so confirm where files will land on your system; 4) there are no network calls or credential requests, so no outward exfiltration is apparent. If you run this on a production agent, consider running it in a controlled/dev environment first and inspect the files it creates.Like a lobster shell, security has layers — review code before you run it.
latest
Heap Dump & Profiler — 内存与性能分析
版本: 1.0.1
创建日期: 2026-04-13
更新日期: 2026-04-14
📋 功能
| 功能 | 说明 |
|---|---|
| heap-dump | 生成 v8 堆快照,Chrome DevTools 分析 |
| profiler | perf_hooks 性能分析(start/checkpoint/end/report) |
📂 文件结构
skills/heap-dump/
├── SKILL.md
├── skill.json
└── scripts/
├── heap-dump.js # 内存快照生成
└── profiler.js # 性能分析工具
🔧 用法
# 内存快照
node skills/heap-dump/scripts/heap-dump.js snapshot
# 性能分析
node skills/heap-dump/scripts/profiler.js start "任务名" # 开始
node skills/heap-dump/scripts/profiler.js checkpoint "阶段" # 标记点
node skills/heap-dump/scripts/profiler.js end # 结束
node skills/heap-dump/scripts/profiler.js report # 生成报告
📊 触发方式
- 手动触发(按需使用的诊断工具,无需自动化)
⚠️ 注意事项
- heap snapshot 文件较大,建议分析后删除
- profiler 输出写入
memory/perf/目录 - 已合并 headless-profiler 功能
Comments
Loading comments...