Fitness
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may remember sensitive fitness, health, schedule, recovery, or injury-related details across future interactions, even when the user did not intend a particular source or conversation to be used for fitness memory.
This directs the agent to collect health and fitness information broadly and store it persistently, without clear limits on approved sources, retention, user review, or deletion.
Absorb fitness mentions from ANY source ... User preferences and learned data persist in: `~/fitness/memory.md` ... Observe and fill.
Require explicit user approval for each data source, keep source labels, provide a way to review and delete `~/fitness/memory.md`, and avoid storing medical or injury details unless the user opts in.
If the user connects these services, the agent could access sensitive activity, recovery, heart-rate, race, or social-fitness information.
These integrations are purpose-aligned for a fitness skill, but they can involve health-account or social-fitness data if connected. The artifacts do not show credential handling or token use.
Wearable Integrations - Apple Watch/HealthKit, Fitbit, Garmin, Whoop, Oura ... External Sources - Race results: Strava ... Gym apps: Strong, Hevy
Only connect accounts and exports you intend the skill to use, and prefer narrow, revocable permissions where available.