Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
trainer-buddy-pro
v1.0.0Your AI personal trainer that creates custom workouts from your gym photo, tracks progress and PRs, adapts training splits and exercises around injuries, and...
⭐ 0· 34·0 current·0 all-time
by@nollio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Primary purpose (generate workouts from gym photos, track PRs and user profile stored in local JSON files) matches the files and runtime instructions. No environment variables, binaries, or downloads are required. However, the included dashboard-kit and dashboard spec describe optional cloud/database sync (Supabase/Postgres) and a manifest that can read the skill's data directory; this contradicts the strong ‘no data exfiltration’ claims in README/SECURITY.md and the advertised guarantee that data never leaves the machine.
Instruction Scope
SKILL.md is specific about actions (use vision tool to detect equipment, read/write data/user-profile.json, generate workouts) and includes an explicit prompt-injection defense. Instructions to read and update local data files are appropriate. The concern is that some repository files (dashboard-kit, dashboard spec, SQL schema) provide explicit instructions and artifacts for pushing data into a cloud database if a user chooses to build the dashboard — expanding the runtime scope beyond strictly local usage if the user opts into that path.
Install Mechanism
No install spec or remote downloads. SETUP-PROMPT.md is an instruction-only copy-and-permission workflow (copy config/script into workspace, create data/). scripts/backup-workout-data.sh is present and uses safe patterns (audit notes indicate prior unsafe patterns were fixed). No evidence of arbitrary remote code fetch or execution in install steps.
Credentials
The skill requires no environment variables or credentials by default (consistent with the trainer functionality). However, optional artifacts (dashboard-spec, SQL schemas, and dashboard manifest) imply a possible cloud/dashboard integration that would require DB credentials or API keys if deployed — these are not required but would be necessary to enable the dashboard. The README/SECURITY.md claim of 'no data exfiltration' is therefore conditional on not enabling the dashboard; that subtlety is not emphasized consistently.
Persistence & Privilege
The package does not request elevated or always-on privileges. always is false and the skill does not modify other skills or system-wide settings. Its runtime behavior is limited to reading/writing within its own skill/data directory and an included backup script that writes backups under skills/trainer-buddy-pro/backups. The setup/uninstall steps operate at the skill directory level only.
Scan Findings in Context
[prompt-injection-pattern:ignore-previous-instructions] expected: The static scanner flagged a prompt-injection pattern. SKILL.md intentionally documents prompt-injection defense and includes the phrase as an example of hostile content to IGNORE, so the flagged pattern is present as defensive text rather than an active injection. Still verify the hosting agent respects these instructions at runtime.
What to consider before installing
Trainer Buddy Pro appears to implement its core feature set locally and includes well-documented prompt-injection defenses and a reasonably safe backup script. Before installing: (1) If you require strict local-only guarantees, do not enable or build the dashboard/Sync features — the dashboard artifacts show how data could be pushed to a cloud DB if you choose to deploy them. (2) Review the dashboard-kit and any Supabase/remote deployment steps before providing any DB/API credentials; the core skill does not need them. (3) Keep the data/ directory permissions tight (chmod 700 for directory, 600 for files) as recommended, and consider disk-level encryption for health-related data. (4) Confirm the agent implementation actually enforces the SKILL.md prompt-injection rules (the SKILL.md contains defensive text, but enforcement depends on the host). (5) If you do want the dashboard, plan to audit any additional code you add for network calls and credentials handling. The package is coherent for local use but has optional components that expand scope — proceed with caution and explicit opt-in for any cloud sync.SKILL.md:20
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97649xtbjz70j3dvgf31fngqh83ykfv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.