ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

linux-performance-analyzer

v1.0.0

Linux 系统性能分析与调优全能专家。融合多个专项 skill 精华,覆盖 CPU、内存、磁盘 I/O、 网络、内核参数、编译优化、容器/K8s 等全维度。触发场景: (1) 系统变慢/卡顿/负载高/响应慢 (2) 内存不足/OOM Kill/Swap 使用率高 (3) CPU 使用率异常/iowait 高/上...

1· 216·2 current·2 all-time
byjoeytao@husttsq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, README and the two scripts all focus on Linux performance diagnosis and tuning. The requested artifacts (shell scripts, reference docs, sysctl changes, monitoring) are appropriate and expected for this purpose.
Instruction Scope
Instructions explicitly read many system files (e.g., /proc, sysctl, dmesg) and run diagnostic commands — which is expected. They also include concrete commands to change kernel parameters, write files under /etc/sysctl.d, create systemd/udev services, modify /proc/<PID>/oom_score_adj and echo values to /sys — these are privileged and can persist across reboots. That scope is coherent with tuning, but it's high-impact: review and test in staging, back up current values and configs before applying.
Install Mechanism
No external install spec; code is included as scripts and docs in the skill bundle. No downloads, package installs, or network fetches are performed by the skill itself. This is the lowest-risk install mechanism.
Credentials
The skill requests no environment variables, no credentials, and no external config paths. All accessed files and commands are local system artifacts appropriate for OS tuning.
Persistence & Privilege
Skill is not always-on and can be invoked by the user. However, its instructions include persistent system changes (writing /etc/sysctl.d files, creating systemd services, udev rules, rc.local edits) that require root privileges and will persist across reboots. This is expected for a tuning tool but elevates risk if run without careful review.
Assessment
This skill appears to do exactly what it says: collect diagnostics and suggest/apply Linux tuning. It does not request secrets or contact external endpoints. However, many suggested commands modify kernel parameters and write system files (sysctl.d, systemd units, udev rules, /proc and /sys edits, oom_score_adj) and therefore require root and can affect production stability. Before using: (1) review the scripts (collect_snapshot.sh and perf_monitor.sh) to confirm they only run the diagnostics you expect; (2) run the snapshot script in read-only mode or save output to a file first (bash scripts/collect_snapshot.sh --output /tmp/snap.txt); (3) do NOT blindly apply persistent changes — back up current sysctl values and config files; test changes in a staging environment; (4) prefer applying temporary sysctl -w changes and validate effects before persisting; (5) be cautious with commands that echo values into /proc or /sys or change scheduling/governor settings; they require root and can impact availability. If you need lower risk, limit the skill to data-collection only and perform tuning steps manually after manual review.

Like a lobster shell, security has layers — review code before you run it.

latestvk973z2h9147wxmrpg9c2y8qqbs83kcjr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments