ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Benchmark Tool

v3.0.0

Benchmark CPU, memory, disk I/O, and network on your system. Use when measuring server performance.

0· 300·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description align with what the script does (CPU/memory/disk/network benchmarks). However, the registry metadata lists no required binaries while the script invokes common utilities (bc, free, dd, curl, diff). This is a minor inconsistency but explainable; these tools are typical for benchmarking.
Instruction Scope
SKILL.md simply maps commands to scripts/script.sh. The script reads /proc/meminfo, runs bc for CPU math, writes a temporary file with dd (100MB) to the provided directory, and issues HTTP requests via curl to the user-specified host. It does not read unrelated user files or exfiltrate data, but it does perform disk writes and network calls as part of normal benchmarking and will create ~/.local/share/benchmark-tool/.
Install Mechanism
No install spec is provided (instruction-only plus bundled script). Nothing is downloaded or installed at runtime by the skill itself.
Credentials
The skill declares no required environment variables or credentials and doesn't request secrets. It uses $HOME to create a data directory and relies on standard system utilities; this is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request elevated/always-on privileges. It only creates a directory under the invoking user's home and does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: local benchmarks. Before installing or running: 1) Be aware the script calls system utilities (bc, free, dd, curl, diff). Ensure those utilities exist and are the expected versions. 2) The disk test writes a ~100MB file named bench_test into the directory you specify (and then removes it); avoid running the disk test against sensitive mount points or with root privileges. 3) The network test will make an outbound HTTP(S) request to the host you provide — do not point it at private endpoints you don't want contacted. 4) The script creates ~/.local/share/benchmark-tool/ (currently unused) — check that directory if you need to remove artifacts. 5) If you need stricter assurance, run the script manually in a controlled environment (non-production VM) and inspect its runtime behavior before allowing autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk976av8ffyzdgar1pdfqkj0wnh837a0q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments