Speedtest

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent speed-test helper, but it can save network history, install/run Ookla's CLI, and optionally publish results using social-account credentials.

Install only if you are comfortable running the Speedtest CLI and optionally connecting social accounts. Review any generated post before publishing, be cautious with the Linux sudo installer command, and manage or delete the local speed history file if the data is sensitive.

VirusTotal

57/57 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the user or agent chooses the publishing path, the skill can create public posts containing network performance details.

Why it was flagged

The script can publish generated speed-test results to Moltbook or Twitter after a prompt or when an auto-post option is used.

Skill content
read -r CHOICE ... curl -s -X POST https://www.moltbook.com/api/v1/posts ... bird tweet "$TWEET_TEXT"
Recommendation

Use the posting feature only on explicit request, review the generated text before publishing, and avoid auto-post options unless intended.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can act through the user's Moltbook account when the posting path is selected.

Why it was flagged

The Moltbook publishing path reads a local API key and uses it as a bearer token for posting.

Skill content
API_KEY=$(grep -o '"api_key":"[^"]*"' "${HOME}/.config/moltbook/credentials.json" | cut -d'"' -f4)
Recommendation

Ensure the Moltbook credential is expected, scoped appropriately, and only used when you intentionally publish.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running that setup command trusts a remote installer with administrator-level access.

Why it was flagged

The Linux setup instructions include a user-run remote installer script with sudo privileges.

Skill content
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
Recommendation

Install the Speedtest CLI from trusted official sources, inspect installer scripts when possible, and avoid running privileged setup commands unnecessarily.

ASI06: Memory and Context Poisoning
Low
What this means

A local record of connection speeds, latency, and test server location may accumulate over time.

Why it was flagged

The skill intentionally persists speed-test results over time in a local history file.

Skill content
History is saved to `~/.openclaw/data/speedtest-history.jsonl`
Recommendation

Keep or delete the history file according to your privacy preferences, especially before sharing logs or device backups.

ASI07: Insecure Inter-Agent Communication
Low
What this means

If raw JSON output is copied into a chat or shared publicly, it may reveal local or public network identifiers.

Why it was flagged

The reference shows that raw Speedtest JSON may include network identifiers, even though the provided social and history scripts mostly filter them out.

Skill content
"internalIp": "192.168.1.100", ... "macAddr": "AA:BB:CC:DD:EE:FF", ... "externalIp": "1.2.3.4"
Recommendation

Prefer the formatted output for sharing and redact raw Speedtest JSON fields such as IP addresses and MAC addresses.