Skills
skills/l3digital-net/claude-code-plugins/perf/Gen Agent Trust Hub

perf

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses 'sudo' to run performance monitoring commands that access restricted kernel events and process data (e.g., 'sudo perf top', 'sudo perf record').
  • [COMMAND_EXECUTION]: Instructions involve modifying sensitive kernel security parameters using 'sysctl kernel.perf_event_paranoid' to allow profiling access, which can lower the overall security posture of the system.
  • [EXTERNAL_DOWNLOADS]: The skill recommends cloning an external repository ('github.com/brendangregg/FlameGraph') to provide additional functionality (flame graphs) not built into the primary tool.
  • [REMOTE_CODE_EXECUTION]: Workflow instructions include piping profiling data directly into scripts ('stackcollapse-perf.pl' and 'flamegraph.pl') downloaded from an external GitHub repository, which constitutes the execution of unverified remote code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 18, 2026, 01:37 PM