Daily Fitness
v1.0.0每天推荐一套5-15分钟快速运动方案,含动作示意和计时器,无需器材。Daily 5-15 min no-equipment workout with interactive timer. Trigger on:今日运动、每日锻炼、今天练什么、daily fitness、daily workout、quick wo...
⭐ 0· 41·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Overall the code and SKILL.md align with a daily workout generator and optional push scheduling. Minor mismatch: the scripts include a VOCAB_THEMES array and variables named vocab_theme/tomorrow_vocab_theme that appear unrelated to fitness (likely leftover from copy/paste). This is odd but not harmful.
Instruction Scope
SKILL.md confines operations to generating an HTML workout artifact saved to /mnt/user-data/outputs and describes how to enable local push scheduling. The runtime instructions and included scripts do not read unrelated system paths or contact external endpoints; they only read/write a local data/users directory and emit scheduler markers via stdout.
Install Mechanism
No install spec; instruction-only skill with small helper scripts. Nothing is downloaded or extracted from arbitrary URLs and no packages are installed by the skill itself.
Credentials
The skill requires no environment variables or external credentials. The scheduling code references messaging channels (telegram/feishu/slack/discord) only by name and emits scheduler registration logs — it does not contain tokens or network integration code.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or global agent configuration. It writes per-user JSON files under data/users (normal for push preference storage) and emits __OPENCLAW_CRON_ADD__/RM__ markers for scheduler registration — this is expected behavior for a push-capable skill.
Assessment
This package appears to do what it says: generate a small HTML workout and optionally register local push reminders. Before enabling pushes, confirm how your OpenClaw environment handles the special __OPENCLAW_CRON_ADD__/__OPENCLAW_CRON_RM__ logs (they register scheduled jobs) and that you trust that scheduler. Note the scripts store per-user JSON under data/users — ensure that directory's permissions are acceptable. The presence of VOCAB_THEMES suggests some copy/paste remnants but not malicious behavior. Also be aware the generated HTML includes 'ad-slot' placeholders: if you serve the artifact publicly or embed third-party ad code into those slots, review that code for privacy implications. If you want extra assurance, open the generated HTML and the scripts in a sandboxed environment before enabling pushes or exposing outputs publicly.Like a lobster shell, security has layers — review code before you run it.
latestvk970jj3ntj85qeapsqrscb3c4s8427sz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.