Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slv Benchmark

v0.13.15

Run benchmark tests and connectivity checks for SLV endpoints using shredstream, grpc, or rpc with region-aware configuration and API key support.

by ELSOUL LABO B.V. @poppin-fumi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for poppin-fumi/slv-benchmark.

Install the skill "Slv Benchmark" (poppin-fumi/slv-benchmark) from ClawHub.
Skill page: https://clawhub.ai/poppin-fumi/slv-benchmark
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install slv-benchmark

ClawHub CLI

npx clawhub@latest install slv-benchmark

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md and AGENT.md describe exactly the stated purpose (generating geyserbench configs, region-aware measurements, using an ERPC API key). However the provided skill.json lists system requirements (curl, optional geyserbench) while the registry metadata shows no required binaries — that's an internal inconsistency. Otherwise the resources the skill uses (local api.yml and a local benchmark binary) are coherent with benchmarking functionality.
Instruction Scope
Instructions explicitly tell the agent to read ~/.slv/api.yml for the ERPC API key and to run a local benchmark binary (geyserbench) if present. Both actions are reasonable for a benchmarking tool, but they allow the agent to read a file in your home directory (which may contain secrets) and to execute a local binary. There are no instructions to read unrelated config or to exfiltrate data, and the only network target mentioned is the expected erpc_url (https://edge.erpc.global).
Install Mechanism
This is instruction-only with no install spec and no code files; nothing will be downloaded or written by the skill itself. That minimizes installation risk.
Credentials
The skill requests no environment variables or credentials via the registry metadata, but it does expect an ERPC API key stored in ~/.slv/api.yml. Requesting the local config file is proportional to its function, but it is a form of secret access worth noting. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true and has no install actions that modify agent/system settings. It can be invoked autonomously per platform defaults, which is normal for skills; there is no evidence it requests persistent elevated privileges.
What to consider before installing
This skill appears to do what it says (generate geyserbench configs, check endpoints, and use an ERPC API key) but review these before installing:

  • Confirm the source: the registry metadata shows limited provenance and the skill.json points at a GitHub repo; verify that repo and the author (ValidatorsDAO) are the expected maintainers.
  • Be aware the agent will look for and read ~/.slv/api.yml to obtain an ERPC API key. If that file contains other secrets or you don't want the agent reading files in your home directory, do not install or remove/relocate the key beforehand.
  • The skill will prefer to run a local benchmark binary (geyserbench) if present. Running a binary means arbitrary code execution on your host — ensure geyserbench is from a trusted source and you understand its behavior.
  • Note internal inconsistencies: registry metadata lists no required binaries while skill.json declares 'curl' and optional 'geyserbench'; the version in skill.json (0.9.962) differs from the registry version (0.13.15) and the skill's homepage was listed as none while skill.json points to a GitHub page. These mismatches could be benign (packaging sloppiness) but merit verification with the publisher.

If you trust the publisher and are comfortable with the agent reading ~/.slv/api.yml and optionally executing geyserbench, the skill is functionally coherent. If not, ask the author to clarify the discrepancies and to provide a verified homepage/repository before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk9771ydyynrtwmhckev1cw1fh983xfxj
140 downloads
0 stars
6 versions
Updated 4w ago
v0.13.15
MIT-0

SLV Benchmark Skill

Benchmark and connectivity workflows for SLV.

Supported benchmark types

  • shredstream
  • grpc
  • rpc

Input collection order

For benchmark requests, collect inputs in this order:

  1. benchmark type
  2. region
  3. endpoint URLs

Region should be collected before execution because --region gives more accurate measurements for feed comparison.

geyserbench config generation

Use:

  • ~/.slv/api.yml for the ERPC API key when available
  • https://edge.erpc.global as erpc_url
  • two endpoint URLs for side-by-side comparison

Example config:

[config]
region = "frankfurt"
erpc_url = "https://edge.erpc.global"
erpc_api_key = "api-key"
transactions = 10000
account = "pAMMBay6oceH9fJKBRHGP5D4bD4sWpmSwMn52FMfXEA"
commitment = "processed"

[[endpoint]]
name = "http://endpoint-1"
url = "http://endpoint-1"
kind = "shredstream"

[[endpoint]]
name = "http://endpoint-2"
url = "http://endpoint-2"
kind = "shredstream"

Planned CLI shape

A natural future command shape is:

slv check geyserbench <options>

This should mirror the current slv check grpc / slv check shreds style by passing arguments through to the installed benchmark binary.

API key handling

If ~/.slv/api.yml does not contain the required ERPC API key, instruct the user to get a free API key and configure it first.
