GymBuddy
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: gymbuddy Version: 1.0.0 The GymBuddy skill bundle is a legitimate fitness assistant toolset. The included Python scripts (build_index.py and tools/fitness_calc.py) use only standard libraries to perform local data indexing and TDEE calculations, with no evidence of network activity, data exfiltration, or obfuscation. The SKILL.md and prompt files contain standard instructions for persona adoption and knowledge retrieval without any malicious prompt-injection attempts or unauthorized command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run the bundled Python helpers and create or update a local knowledge index in the skill directory.
The skill explicitly enables local read/write/edit and Bash-capable workflows. The documented commands are narrow and purpose-aligned, but local shell and file-modification authority is still something users should notice.
allowed-tools: Read, Bash, Write, Edit ... `python tools/fitness_calc.py ...` ... `python build_index.py`
Use the skill from a trusted copy, keep Bash/write actions scoped to the skill directory, and review the included helper scripts before allowing them to run.
Users have less external provenance information for deciding whether they trust the package.
The registry metadata does not provide an upstream source or homepage, so provenance has to be assessed from the included artifacts. The provided code is small, standard-library only, and not suspicious, so this is a provenance note rather than a concern.
Source: unknown; Homepage: none
Install only if you are comfortable trusting the published artifact and its owner; prefer a known repository or verified source if available.