GymBuddy
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run the bundled Python helpers and create or update a local knowledge index in the skill directory.
The skill explicitly enables local read/write/edit and Bash-capable workflows. The documented commands are narrow and purpose-aligned, but local shell and file-modification authority is still something users should notice.
allowed-tools: Read, Bash, Write, Edit ... `python tools/fitness_calc.py ...` ... `python build_index.py`
Use the skill from a trusted copy, keep Bash/write actions scoped to the skill directory, and review the included helper scripts before allowing them to run.
Users have less external provenance information for deciding whether they trust the package.
The registry metadata does not provide an upstream source or homepage, so provenance has to be assessed from the included artifacts. The provided code is small, standard-library only, and not suspicious, so this is a provenance note rather than a concern.
Source: unknown; Homepage: none
Install only if you are comfortable trusting the published artifact and its owner; prefer a known repository or verified source if available.