Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fitness Planner
v1.4.1 Fitness planning assistant: supports training plan generation, check-in logging, weekly statistics reports, periodized training, muscle-group progress tracking, multi-dimensional feedback, exercise explanations, and video tutorial search. Trigger words: fitness, training plan, check-in, what to train today, exercise, training cycle, muscle group, recovery status, exercise explanation.
⭐ 0 · 89 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description and the included source code are coherent for a fitness planning assistant. However, the SKILL.md and code expect a Node/TypeScript build (npm install, npm run build) and runtime artifacts, while the registry 'requirements' list no required binaries. That discrepancy (no declared requirement for node/npm even though package.json and build steps exist) is inconsistent and should be clarified.
Instruction Scope
The runtime instructions and code operate on local config/cache files under ~/.openclaw/workspace/fitness-planner which matches the stated local-only storage claim. But the skill's notifier executes shell commands (exec) to call external tooling: mcporter call 'exa.web_search_exa(...)' and SKILL.md also suggests using yt-dlp for Bilibili searches. Those calls perform web searches / network access and involve an external agent/tool whose behavior is not described in the metadata. The instructions therefore direct queries to an external search tool and rely on shell execution—this can leak any query text (including user-supplied names or context) and is broader than purely local operations.
Install Mechanism
There is no install spec in registry metadata, but the SKILL.md instructs building the included TypeScript code (npm install; npm run build). The package includes package.json and package-lock.json so installing will pull npm dependencies. This implicit install/build step is not declared in the skill's metadata and may fetch third-party packages at install time—review package.json and lockfile before running. There are no downloads from unknown URLs in the provided files, which reduces risk, but building still executes untrusted code on the host.
Credentials
The skill does not request secrets or environment variables and only reads process.env.HOME for file paths. That is proportionate. However it lists a default notification channel ('wecom') and contains a sendWecomMessage placeholder; if you enable external messaging you may need to supply credentials later. Also the use of external search (mcporter/yt-dlp) means the skill will send search queries externally — consider whether any data included in those queries is sensitive.
Persistence & Privilege
The skill does persist its own files (config.json, stats.json, caches) inside ~/.openclaw/workspace/fitness-planner which is normal for a local assistant. It does not request always:true and does not alter other skills' config. File writes are limited to its workspace paths.
What to consider before installing
This skill's functionality and code appear consistent with a local fitness planner, but take these precautions before installing/using:
1) Confirm you have Node.js/npm (the skill expects you to run npm install && npm run build) and review package.json/package-lock.json to see what third-party packages will be installed.
2) Inspect the code (notifier.js and any modules that call child_process.exec) to understand what shell commands will be run; the skill uses mcporter call 'exa.web_search_exa(...)' and SKILL.md mentions yt-dlp — both perform network searches and will send the search query text externally. Ask: what is mcporter in your environment and where does it send queries?
3) If you care about privacy, note that video search queries (exercise names or context) may be sent out; the skill caches results locally for 30 days.
4) Because the skill executes shell commands, run builds and initial execution in a controlled environment (or review/execute code manually) before giving it access to your normal workspace.
5) If you plan to enable messaging (wecom or other), verify how credentials are provided and whether the skill will store them.
If you want to proceed, run the build in an isolated environment, audit dependencies, and confirm the behavior of mcporter/yt-dlp on your system.
Like a lobster shell, security has layers — review code before you run it.
Version: latest · vk975mkn6tafqfbqcwjd2f0rsc183fr65
