Likes Training Planner
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to this local config file may be able to use the Likes API with your account’s permissions.
The skill stores a Likes API key locally so later scripts can authenticate to the Likes account.
const CONFIG_FILE = path.join(CONFIG_DIR, 'likes-training-planner.json'); ... config.apiKey = apiKeyInput; ... fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
Use the Skill Center or environment-variable configuration carefully, protect ~/.openclaw files, and rotate the Likes API key if you suspect exposure.
A mistaken or unreviewed push could add or replace training plans for yourself or, with coach permissions, multiple camp members.
The push tool can add plans for the current user or camp members and can overwrite existing plans, while also providing a dry-run option.
--game-id <id> ... --user-ids <ids> ... --overwrite ... --dry-run Preview without pushing
Preview every generated plan, use --dry-run for checks, and only use --overwrite or bulk user IDs when you explicitly intend those changes.
Downloaded files may contain sensitive health, location, and training information that can persist on disk and be reused in later analysis.
The skill is designed to retrieve personal training history and activity details, including GPS data, and examples show writing results to local JSON files.
`fetch_activities.cjs` | Download training history ... `get_activity_detail.cjs` | Get single activity detail (with GPS)
Fetch only the date ranges and activity details you need, store output files in a private location, and delete old data files when no longer needed.
If the remote repository or latest release changes unexpectedly, the installer could run code different from what you reviewed here.
The recommended one-line installer runs a remote shell script from the repository, and the installer downloads the latest release rather than a pinned artifact.
curl -fsSL https://gitee.com/chenyinshu/likes-training-planner/raw/main/install.sh | bash
Prefer installing from the trusted ClawHub package or manually inspect/download a specific release before running installer commands.