v1.0.13

Section 11: Endurance Training Coach (Intervals.icu)

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

This instruction-only coaching skill is coherent and disclosed, but it handles private training data and can optionally use external GitHub files and scheduled checks.

Guidance: Before installing, review the referenced Section 11 GitHub materials, keep your training-data repository or folder private, limit connector permissions, avoid public URLs for personal data, and only enable the heartbeat/scheduled checks if you intentionally want background coaching.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
If not found, fetch from: https://raw.githubusercontent.com/CrankAddict/section-11/main/SECTION_11.md

The core protocol can be loaded from a mutable GitHub 'main' branch. This is disclosed and purpose-aligned, but changes to that external file could change coaching behavior.

User impact: Coaching instructions may change if the external GitHub protocol changes.
Recommendation: Review the referenced repository and prefer a local or commit-pinned copy of the protocol if you need stable behavior.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
HEARTBEAT_TEMPLATE.md
The heartbeat is fully opt-in and disabled by default. It must be explicitly configured by the user. When active, it only performs scheduled analysis (read training data → run protocol checks → write summaries/plans to your chosen location).

The template supports scheduled background analysis. It is clearly disclosed and opt-in, but enabling it means the agent may act on a schedule rather than only in direct chat.

User impact: If enabled, the agent may periodically read training data and create summaries or plans without a fresh prompt each time.
Recommendation: Enable heartbeat only if you want scheduled coaching, set notification hours carefully, and disable it when no longer needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
GitHub connector: If the platform has a GitHub connector ... the athlete connects their private data repo directly. The AI reads files through the connector

The skill can use delegated access to a private GitHub data repository. This is expected for the training-data workflow, but users should ensure the connector is limited to the intended repo and permissions.

User impact: The agent may be able to read private training files through a connected GitHub account.
Recommendation: Use a dedicated private training-data repository and grant the narrowest connector permissions available, preferably read-only.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Data files (`latest.json`, `history.json`, `intervals.json`, `ftp_history.json`, `routes.json`, `DOSSIER.md`, `section11/`) live in the athlete's data directory ... Ask the athlete to fill in their data (zones, goals, schedule, etc.)

The skill relies on persistent and retrieved athlete files as authoritative context. This is central to the coaching purpose, but those files may contain sensitive health, location, goals, and schedule data and can influence future advice.

User impact: Private training, route, and schedule information may be read and reused as context for coaching answers.
Recommendation: Keep the data directory or repository private, avoid public raw URLs for personal data, and periodically review dossier and JSON contents for accuracy.