GymBuddy

Pass

Audited by ClawScan on May 6, 2026.

Overview

GymBuddy is a coherent fitness-coaching skill with small local Python helpers and no evidence of credential use, network access, exfiltration, or hidden behavior.

This appears safe to use as a local fitness-planning assistant. Before installing, remember it can run its bundled Python helpers and write a local index file, and treat its fitness guidance as informational rather than medical advice.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run the bundled Python helpers and create or update a local knowledge index in the skill directory.

Why it was flagged

The skill explicitly enables local read/write/edit and Bash-capable workflows. The documented commands are narrow and purpose-aligned, but local shell and file-modification authority is still something users should notice.

Skill content

allowed-tools: Read, Bash, Write, Edit ... `python tools/fitness_calc.py ...` ... `python build_index.py`

Recommendation

Use the skill from a trusted copy, keep Bash/write actions scoped to the skill directory, and review the included helper scripts before allowing them to run.

What this means

Users have less external provenance information for deciding whether they trust the package.

Why it was flagged

The registry metadata does not provide an upstream source or homepage, so provenance has to be assessed from the included artifacts. The provided code is small, standard-library only, and not suspicious, so this is a provenance note rather than a concern.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you are comfortable trusting the published artifact and its owner; prefer a known repository or verified source if available.