intervals.icu CLI

Review

Audited by ClawScan on May 1, 2026.

Overview

This looks like a legitimate Intervals.icu CLI helper, but it uses real account credentials and can make user-requested training or wellness changes.

Install only if you trust the intervals CLI source, configure credentials for the intended Intervals.icu account, and review any write request before allowing the agent to create or update events, workouts, or wellness records.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user asks for changes, the agent can alter real training calendar, workout, or wellness records; wrong dates or payloads could create incorrect account data.

Why it was flagged

These commands can mutate the user's Intervals.icu account by creating or updating scheduled events, workout library items, or wellness records. The same file also says not to perform writes or deletes unless the user asked for a mutation, so this is disclosed and purpose-aligned.

Skill content

Use `events create` or `events upsert` ... Use `workouts create` ... Use `wellness put` or `wellness bulk-put`

Recommendation

Review any generated JSON and dates before write commands, prefer upsert only when the UID is intentional, and verify changes with a read command afterward.

What this means

The local CLI can access whatever Intervals.icu data and actions the configured key or token permits.

Why it was flagged

The skill uses Intervals.icu account credentials. This is expected for the integration and no credential leakage is shown, but either credential may grant access to private account data and permitted writes.

Skill content

The CLI expects one of these environment variables: `INTERVALS_API_KEY`, `INTERVALS_ACCESS_TOKEN`

Recommendation

Use a revocable or least-privileged token if available, keep credentials out of shared logs, and run `intervals auth status` to confirm the intended account.

What this means

Installing the CLI would trust the referenced GitHub release asset available at install time.

Why it was flagged

The embedded installer metadata points to the latest GitHub release tarballs rather than to pinned versions or checksummed artifacts. This is a normal CLI installation pattern, but it requires trusting the current upstream release.

Skill content

https://github.com/jonaswide/intervals-cli/releases/latest/download/intervals_linux_amd64.tar.gz

Recommendation

Install from the intended official repository, prefer a specific reviewed version, and verify checksums or signatures if the project provides them.