ClawHub

Strong Skill

v1.1.0

Interact with the Strong v6 workout tracker REST API — login, list exercises, fetch workout logs and templates, manage folders, tags, measurements, and widge...

1· 97·0 current·0 all-time
byIván Moreno@ivanvmoreno
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested resources: python3 and STRONG_USERNAME/STRONG_PASSWORD are exactly what a CLI that logs into the Strong API would need. Required config paths and binaries are proportionate to the stated function.
Instruction Scope
SKILL.md tells the agent to run scripts/strong_runner.py; that script reads only the declared env vars and issues HTTPS requests to back.strong.app. The instructions do not ask the agent to read unrelated files, touch other credentials, or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only + bundled script). The included Python script uses only the standard library — no downloads or third-party package installs are requested.
Credentials
Only STRONG_USERNAME and STRONG_PASSWORD are required. Both are justified by the skill's purpose (log in to the Strong API). The primaryEnv being STRONG_USERNAME is reasonable; the password is also required but declared in SKILL.md.
Persistence & Privilege
The skill is not always:true, does not request elevated or system-wide access, and does not modify other skills or system configuration. It authenticates on each run and does not persist tokens to disk.
Assessment
This skill appears coherent and behaves as described, but consider the following before installing: (1) It requires your Strong account username and password in environment variables so the script can call back.strong.app — only provide credentials if you trust the skill and source. (2) The API used is unofficial/reverse-engineered (SKILL.md warns of this); that may break or behave differently than an official API. (3) The script prints JSON responses to stdout (the agent will see that output). If you'd prefer not to place your password in an environment variable, avoid enabling the skill. (4) Review the included script yourself if you want additional assurance (it's pure Python and uses HTTPS only).

Like a lobster shell, security has layers — review code before you run it.

latestvk9767bayek5gpk075ef0zf339d83qg49

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💪 Clawdis
Binspython3
EnvSTRONG_USERNAME, STRONG_PASSWORD
Primary envSTRONG_USERNAME

Comments