Skill v1.0.2

ClawScan security

perfguard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 14, 2026, 3:20 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it claims (local regex-based perf scanning and optional git hook installation), but there are a few mismatches and weak spots (undeclared env usage, weak offline license verification, and repository file modifications) you should understand before installing.
Guidance
PerfGuard appears to implement a local, grep-based performance scanner and an optional git pre-commit hook installer; this is coherent with its description. Before installing:

- Decide whether you want a tool that can modify your repository's lefthook.yml and run code on staged files (hooks installation appends or copies config and runs lefthook install). Review the config/lefthook.yml and how the hook sources the skill scripts to ensure it points to the intended skill installation path.
- Understand license behavior: PERFGUARD_LICENSE_KEY unlocks Pro/Team features and is the declared primary credential. The offline JWT verification does not cryptographically verify tokens unless CLAWHUB_JWT_SECRET is set (an undeclared env var). That means, without the secret, the scripts perform only structural checks on the token; this weakens license enforcement and could allow local bypass of paid checks. If you rely on the signature check, set CLAWHUB_JWT_SECRET in a secure location.
- The skill may use optional local tools if present (node, openssl); those are not declared as required. Ensure your environment's node/openssl behavior is acceptable.
- The tool claims 'zero telemetry' and 'no external uploads' — the code is local and contains no outgoing network calls, but always inspect any hooks you install and the skill path to be sure you're sourcing the expected scripts.

If these caveats are acceptable and you trust the skill source/homepage, the tool is functionally coherent; if you need stronger license guarantees or want to avoid repo modifications, proceed cautiously or request changes (declare CLAWHUB_JWT_SECRET, make signature verification mandatory, or require explicit consent before modifying lefthook.yml).

Review Dimensions

Purpose & Capability
ok: The name/description match the code: the scripts implement a local, regex-based performance scanner for multiple languages and include commands for scanning, reports, hotspots and git hooks. Required binaries (git, bash, python3, jq) are reasonable for the stated features (git for repo operations/hooks, python3/jq as JSON helpers). The brew install (lefthook) aligns with the hooks feature.
Instruction Scope
note: Runtime instructions and scripts operate locally and consistently with the description (they find files, run grep-based patterns, calculate scores). The skill reads ~/.openclaw/openclaw.json for a stored license/key (declared in metadata). The hooks installation logic will source the skill's scripts from a skill directory and run a hook-scanner on staged files — that is expected but means the skill's scripts will be run automatically on commits once hooks are installed.
Install Mechanism
ok: Install spec uses 'brew' to install lefthook, a known git-hooks manager. The code files themselves are instruction-based shell scripts (no external downloads in the install spec), which keeps the install surface small.
Credentials
concern: Primary credential PERFGUARD_LICENSE_KEY is declared and used for Pro/Team features — that's appropriate. However, license.sh also optionally reads CLAWHUB_JWT_SECRET (used to verify JWT signatures) and will try node/openssl if present; CLAWHUB_JWT_SECRET is not declared in requires.env. The script will accept a license token without cryptographic verification if CLAWHUB_JWT_SECRET is not set (it only enforces structural integrity and a non-empty signature segment), which weakens offline license checks and could be abused to unlock paid features locally. The scripts read ~/.openclaw/openclaw.json (declared), but they may also invoke optional tools (node, openssl) that aren't listed as required.
Persistence & Privilege
note: always:false and model invocation is allowed (default); the skill does not request system-wide persistent privileges. Installing hooks will modify or append to the project's lefthook.yml and run lefthook install — this modifies repo state (expected for a hooks installer) and could affect commit workflows. The hooks attempt to source the skill scripts from a path (default $HOME/.openclaw/skills/perfguard); if that path is changed, hooks may fail or skip scanning.