Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Trainer Buddy Pro
v1.0.3
Your AI strength coach that customizes workouts from gym photos, tracks progress, adapts to injuries, and plans smart splits with no subscription needed.
by @nollio
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The files (SKILL.md, examples, config, data schema) align with a local workout-tracking & photo-to-workout assistant. However, the package also includes a dashboard kit and database/sync specs (Supabase/Postgres) that imply optional cloud sync functionality not listed in the skill's declared requirements — this is an extra capability that would require credentials/network access if enabled.
Instruction Scope
SKILL.md confines runtime behavior to reading/writing data in the skill's directory, using the model/vision tools, and treating OCR/text from images as untrusted data; it explicitly instructs the agent not to follow instructions embedded in images. It does instruct reading local profile data (data/user-profile.json), which is consistent with its purpose.
Install Mechanism
This is an instruction-only skill with no install spec (no packages downloaded). That minimizes install-time risk. The provided setup instructions copy config and script files into the workspace; those are local filesystem operations.
Credentials
The skill declares no required environment variables or credentials, which matches the README/SECURITY claims of local-only operation. However, the dashboard/DB files describe optional cloud modes (Supabase) that would require credentials/network access if the user enables them — these credentials are not declared by the skill and are optional, so the default behavior appears local-only but functionality could expand if the user opts into it.
Persistence & Privilege
The skill does not request elevated privileges and sets always:false. That said, the included backup script (scripts/backup-workout-data.sh) contains garbled/malformed code in its workspace/root-detection function and should not be run without inspection. The script otherwise intends to copy data into skill-local backups and prune old backups; its intent is reasonable, but the corruption raises the risk of failures or unexpected behavior if executed.
Scan Findings in Context
[prompt-injection-pattern] expected: The static scan detected prompt-injection tokens (e.g., ignore-previous-instructions). SKILL.md actually includes a dedicated Prompt Injection Defense section that tells the agent to ignore such text from images/external content, so the detection is likely triggered by the skill's defensive wording rather than an active injection attempt. Still, presence of the pattern is worth noting.
What to consider before installing
- The core functionality appears coherent and local-only by default (no env vars, no required binaries). That matches the README/SECURITY claims in normal use.
- Do NOT run the included backup script (scripts/backup-workout-data.sh) without first opening it in an editor. The script contains broken/garbled lines in its root-detection routine; that looks like accidental corruption and could cause errors. If you need the backup behavior, fix or rewrite the function or only copy its non-problematic logic.
- Be aware the package contains a dashboard kit and SQL/schema files which describe an optional cloud mode (Supabase). Enabling that will require external credentials and network access — those are not required by default and are not declared by the skill. Only opt into cloud sync if you understand and trust the destination and supply credentials yourself.
- The SKILL.md includes prompt-injection defenses (good). Still, treat any external content (OCR text, pasted workouts) as untrusted and avoid blindly executing any shell commands found in uploaded content.
- Practical steps: (1) Review scripts and SETUP-PROMPT.md locally before running any install commands; (2) keep skill data directory permissions tight (as recommended); (3) do initial testing in a sandboxed workspace or container; (4) if you do enable dashboard/cloud sync, provide only minimal credentials and monitor network activity.
If you want, I can: (A) show the exact lines in the backup script that are malformed and suggest a corrected version, or (B) point out the places in SKILL.md/dashboard files where optional cloud sync would be enabled so you can audit them before use.
SKILL.md:20
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
