Peloton Stats
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says: it logs into Peloton to fetch recent cycling stats, but it requires your Peloton credentials and will expose workout data in the agent output.
Before installing, confirm you are comfortable storing Peloton credentials for this agent and having recent cycling stats printed into the conversation. The provided code is small, disclosed, and purpose-aligned, with no evidence of unrelated data access or exfiltration.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can log into your Peloton account and display personal workout metrics in the agent session.
The script reads Peloton account credentials from the local OpenClaw auth profile, which is sensitive account access, but it is disclosed and directly related to fetching Peloton stats.
auth_path = os.path.expanduser("~/.openclaw/agents/main/agent/auth-profiles.json") ... profile = auth_data.get("profiles", {}).get("peloton:default", {}) ... password = profile.get("password")Only install/use it if you are comfortable providing Peloton credentials; keep the auth profile protected and rotate the password if you no longer trust the environment.