Run Coach
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate running-coach skill, but its image-generation feature renders unescaped text in a headless browser, which is risky with untrusted content.
Install only if you are comfortable giving it Telegram credentials and, optionally, Garmin credentials. Avoid converting untrusted or HTML-like text into images until the escaping issue is fixed, and review the local MEMORY.md and garmin/ data files because they can contain sensitive health and training history.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental HTML/script payload in text being converted to an image could run inside the browser rendering step or trigger unexpected network/file rendering behavior.
Title and content are inserted into HTML without escaping, then the generated HTML is passed into the screenshot pipeline. If untrusted text contains HTML or script markup, it can be rendered/executed by the headless browser.
return `<div style="margin:4px 0">${l}</div>`; ... `<div class="header"><h1>${title}</h1></div>` ... bash "${SCRIPT_DIR}/send-plan.sh" "$TITLE" "$TEMP_HTML"
Escape HTML special characters before rendering plain text, disable JavaScript for screenshots if it is not needed, and only use the image feature with trusted training-plan text until this is fixed.
When you ask for image output, the agent may execute local shell/Node scripts rather than only responding in chat.
The skill intentionally relies on local exec calls to generate and send images. This matches the visual-plan purpose, but users should know the agent will run bundled scripts.
Always use exec + training/text-to-image.sh or training/send-plan.sh for images
Use the image-sending commands only for intended plan content, and review script behavior before allowing autonomous use.
The skill can access your Garmin Connect account data and leaves local Garmin session/data artifacts that should be protected.
Optional Garmin sync uses Garmin account credentials and caches a Garmin session token under the skill directory.
email = os.environ.get("GARMIN_EMAIL", "").strip(); password = os.environ.get("GARMIN_PASSWORD", "").strip(); ... client.garth.dump(GARTH_HOME)
Use Garmin sync only if you accept the unofficial integration, store credentials securely, and remove the local garmin/.garth cache if you uninstall or no longer use the integration.
Your environment may download and run code or browser binaries from external package sources during optional setup.
The optional setup instructions install third-party components without pinned versions. This is normal for the stated Garmin/Playwright features, but it depends on external package provenance.
pip install garminconnect ... npx playwright install chromium
Install optional dependencies only in a trusted environment, prefer pinned versions where possible, and review package sources before use.
Personal health/training details may persist and influence future coaching responses.
The memory file stores personal running, injury, and training-log information and is reused across sessions.
This file is auto-loaded every session. ... Injury history ... Training Log Summary (Bot will update this automatically after each run)
Keep MEMORY.md accurate, avoid storing information you do not want reused, and periodically review or clear old training/injury notes.
