Daily Strava Roast

v0.2.5

Generate a playful or sharp daily roast of recent Strava activity. Use when asked to roast, recap, tease, or humorously summarize a Strava workout or a recen...

by Rana Salal Ali (@ranasalalali)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ranasalalali/daily-strava-roast.

Install the skill "Daily Strava Roast" (ranasalalali/daily-strava-roast) from ClawHub.
Skill page: https://clawhub.ai/ranasalalali/daily-strava-roast
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install daily-strava-roast

ClawHub CLI

npx clawhub@latest install daily-strava-roast
Security Scan
Capability signals
Requires OAuth token, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, and included code all align: the package reads local Strava tokens/config, fetches recent activities from the Strava API, builds a deterministic summary/context/prompt, and produces a roast. Nothing required by the repo is unrelated to generating Strava roasts.
Instruction Scope
SKILL.md and the code instruct the agent to read specific local config/token files (~/.openclaw/secure/strava_app.json and ~/.openclaw/workspace/.../strava_tokens.json), call the packaged CLI (uv run ...), and — when reauth is needed — execute a local reauth helper script. These actions are expected for Strava integration, but the skill will read and write token and state files and will execute the reauth script if present, so you should verify those files/scripts are trustworthy.
Install Mechanism
There is no external installer or remote download; the bundle is instruction-first and includes a local Python CLI. No brew/npm/extract-from-URL installs are present, so risk from install-time downloads is low.
Credentials
The skill declares no required env vars but the code will respect STRAVA_* env vars if present and defaults to reading local Strava app and token JSON files. Access to Strava credentials/tokens is necessary for the stated functionality. Be aware the code may write refreshed tokens and a roast-state file under ~/.openclaw; the package also hardcodes a default client_id fallback and will raise if client_secret is missing when attempting token refresh.
Persistence & Privilege
always:false (normal). The skill persists roast memory and writes token refresh results to user paths under ~/.openclaw, and it may execute a local reauth helper script via subprocess when available. Persisting state and calling a local reauth helper are expected, but both increase the attack surface if those files are untrusted.
Scan Findings in Context
[ignore-previous-instructions] expected: The test fixtures intentionally include a prompt-injection string (and the pre-scan flagged that pattern). The project explicitly treats activity names as untrusted and sanitizes them; the presence of the pattern in tests is an expected test for sanitization rather than evidence of malicious behavior.
Assessment
This skill is internally consistent for producing Strava roasts, but it needs access to your Strava app credentials and token file in ~/.openclaw. Before installing or enabling it: (1) verify that the config/token files it will read (~/.openclaw/secure/strava_app.json and the token path under ~/.openclaw/workspace) are the expected ones and do not contain secrets you don't want the skill to access; (2) confirm any local reauth helper script (default path ~/.openclaw/workspace/agents/tars-fit/strava_auth.py) is trusted, because the CLI may execute it to generate an auth URL; (3) note the skill will write refreshed tokens and a roast-state JSON under ~/.openclaw — if that persistence is undesirable, run in a sandbox or change the state/token paths; (4) if you want stricter control, review the CLI code (in src/daily_strava_roast/cli.py) to confirm how tokens and reauth are handled. Overall this looks coherent and appropriate for its stated purpose, but treat credential files and any reauth script with care.
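Points (1) to (3) of the assessment can be scripted as a pre-install check. The Python below is an added example, not part of the skill or of the ClawHub scan. It uses only the three paths named on this page; the permission rules it applies (owner match, no group/other write, no group/other read on the JSON secrets) are assumptions about what "trustworthy" should mean here.

```python
import os
import stat
import tempfile
from pathlib import Path

# Paths named on this page: two files the skill reads, one script it may execute.
SKILL_PATHS = [
    "~/.openclaw/secure/strava_app.json",
    "~/.openclaw/workspace/agents/tars-fit/strava_tokens.json",
    "~/.openclaw/workspace/agents/tars-fit/strava_auth.py",
]
OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH

def audit_path(path):
    """Return findings for one path; an empty list means nothing was flagged."""
    p = Path(path).expanduser()
    findings = ["is a symlink; audit the target as well"] if p.is_symlink() else []
    try:
        st = p.stat()
    except OSError:
        return findings + ["missing"]
    if st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    if st.st_mode & OTHERS_WRITE:
        findings.append("writable by group/other")
    if p.suffix == ".json" and st.st_mode & OTHERS_READ:
        findings.append("secret file readable by group/other")
    parent = p.parent.stat()
    if parent.st_mode & OTHERS_WRITE and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory writable by group/other")
    return findings

def constructed_demo():
    """Audit constructed files in a private temp dir (not the real ~/.openclaw)."""
    with tempfile.TemporaryDirectory() as d:
        tight, loose = Path(d, "strava_tokens.json"), Path(d, "strava_auth.py")
        tight.write_text("{}")
        loose.write_text("print('constructed helper')\n")
        tight.chmod(0o600)
        loose.chmod(0o666)
        missing = str(Path(d, "strava_app.json"))
        return {n: audit_path(x) for n, x in
                [("tight", tight), ("loose", loose), ("missing", missing)]}

if __name__ == "__main__":
    for path in SKILL_PATHS:
        print(path, audit_path(path) or "ok")
```

A "writable by group/other" finding on the reauth helper matters most, since the CLI may execute that script.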

Like a lobster shell, security has layers — review code before you run it.

License: MIT-0

Daily Strava Roast

Use this skill to turn recent Strava activity into a short roast-style summary.

Default workflow

  1. Use the deterministic implementation first to fetch and summarize activity.
  2. If you are inside OpenClaw and want the V2 path, use the structured context/prompt output as model input for the final paragraph only.
  3. If connected-model generation is unavailable or weak, fall back to the deterministic roast output.
  4. Do not pretend the standalone Python package has a built-in OpenClaw connected-model API if it does not.

What this skill does

This skill provides:

  • deterministic Strava fetch + summary tooling
  • adjustable tones and spice levels
  • V1 roast fallback that is stable and testable
  • V2 context/prompt building for better final-paragraph generation in the OpenClaw runtime

Preferred commands

Use the packaged CLI for deterministic preparation and fallback:

uv run --project {baseDir} daily-strava-roast summary --json --pretty
uv run --project {baseDir} daily-strava-roast context --pretty
uv run --project {baseDir} daily-strava-roast prompt
uv run --project {baseDir} daily-strava-roast roast

Do not rely on the removed legacy script path. Use the packaged CLI commands only.

Runtime guidance

When invoked inside OpenClaw for an actual roast reply:

  • run deterministic preparation first
  • use the connected/default runtime model only to write the final roast paragraph
  • keep that paragraph to one short paragraph
  • do not invent stats
  • if generation fails, return the deterministic roast instead of erroring

Runtime recipe

Use this sequence:

  1. Build context JSON:
     uv run --project {baseDir} daily-strava-roast context --pretty
  2. Build the constrained prompt:
     uv run --project {baseDir} daily-strava-roast prompt
  3. Ask the connected/default OpenClaw runtime model to write the final paragraph from that prompt.
  4. Before replying, sanity-check the generated paragraph:
    • exactly one paragraph
    • one or two sentences max unless unusually short
    • no bullet points
    • no invented stats
    • no stat dump; usually no more than two concrete metrics unless a third really earns its place
    • not generic AI filler
    • avoids banned phrases, stale identity/relationship jokes, pet phrases, and over-clever wording
    • avoids poetic or cosmic phrasing
    • tone matches requested spice/tone closely enough
  5. If the paragraph fails those checks or generation is unavailable, fall back to:
     uv run --project {baseDir} daily-strava-roast roast

Fallback triggers

Fall back immediately if any of these happen:

  • no connected/default runtime model is available
  • generated output is empty
  • generated output invents numbers, activities, or claims not present in the prompt/context
  • generated output is multiple paragraphs or list-like
  • generated output crams in too many stats without real comedic payoff
  • generated output uses banned phrases or obvious close variants
  • generated output leans on stale identity, relationship, or defining-trait jokes
  • generated output leans on polished LLM-clever wording instead of dry mockery
  • generated output drifts into poetic, cosmic, or overly ornate phrasing
  • generated output is obviously generic, repetitive, or less readable than the deterministic roast

When falling back:

  • do not apologize unless the user needs to know
  • just return the deterministic roast text

When working purely from the repo/CLI:

  • treat connected-model generation as a runtime concern, not a packaged-CLI feature
  • keep the deterministic path working without extra runtime dependencies
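
The mechanical parts of the sanity check and fallback triggers above (empty output, multiple paragraphs, list-like text, sentence count, invented numbers, stat dumps, banned phrases) can be enforced in code on the runtime side. The Python below is an added example, not the skill's own code and not a packaged-CLI feature; the sample context, the banned-phrase list passed by the caller, and the stat-dump cutoff are assumptions, and the stylistic triggers (generic, poetic, over-clever) are left to the caller.

```python
import re

NUM = r"\d+(?:\.\d+)?"
# Constructed sample; the real `context` output and its field names are not shown on the page.
SAMPLE_CONTEXT = '{"activity": "Morning Run", "distance_km": 12.4, "moving_min": 68, "avg_hr": 151}'
SAMPLE_FALLBACK = "12.4 km in 68 minutes. The pavement was not impressed."

def fallback_triggers(text, context_text, banned=()):
    """Return the fallback triggers a generated paragraph hits; [] means accept it."""
    text = (text or "").strip()
    if not text:
        return ["empty output"]
    hits = []
    if re.search(r"\n\s*\n", text):
        hits.append("multiple paragraphs")
    if re.search(r"^\s*(?:[-*•]|\d+[.)])\s+", text, re.M):
        hits.append("list-like")
    if len(re.findall(r"[.!?]+(?:\s|$)", text)) > 2:
        hits.append("more than two sentences")
    # Any number absent from the context counts as invented. Reformatted values
    # (12 for 12.4) are flagged too, which errs toward the deterministic roast.
    allowed = set(re.findall(NUM, context_text))
    numbers = re.findall(NUM, text)
    invented = [n for n in numbers if n not in allowed]
    if invented:
        hits.append("invented numbers: " + ", ".join(invented))
    if len(numbers) > 3:  # assumed cutoff for the page's "stat dump" rule
        hits.append("stat dump")
    low = text.lower()
    hits += [f"banned phrase: {b}" for b in banned if b.lower() in low]
    return hits

def final_roast(generated, context_text, deterministic, banned=()):
    """Return the generated paragraph only if no trigger fires, else the fallback."""
    if fallback_triggers(generated, context_text, banned):
        return deterministic
    return generated.strip()

if __name__ == "__main__":
    for candidate in ["A 12.4 km run in 68 minutes is a guided tour of the footpath.",
                      "You ran 15 km in 68 minutes.", "- 12.4 km\n- 68 min"]:
        print(fallback_triggers(candidate, SAMPLE_CONTEXT) or "accept")
```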

Inputs

By default the skill reads Strava app config from:

~/.openclaw/secure/strava_app.json

And by default the token file is:

~/.openclaw/workspace/agents/tars-fit/strava_tokens.json

Normal auth behaviour:

  • treat ~/.openclaw/secure/strava_app.json as the canonical app-credentials source
  • if setup already exists, expired access tokens should refresh automatically using the refresh token
  • if Strava still returns 401, retry once after a forced refresh
  • if the token file is missing, invalid, or missing required fields, treat that as initial setup required and tell the user clearly
  • if the token file exists but app credentials are missing or incomplete, return config_incomplete clearly
  • if setup exists but refresh/reauthorisation is needed, return the reauth-required path instead of pretending it is a rest day
  • avoid depending on sourced shell profiles for routine auth

Use this to inspect auth readiness:

uv run --project {baseDir} daily-strava-roast auth-url

Use JSON mode when another agent needs machine-readable status:

uv run --project {baseDir} daily-strava-roast roast --json --pretty

Tones

Supported tones:

  • dry
  • playful
  • savage
  • coach

Spice

Spice controls roast intensity:

  • 0 — gentle
  • 1 — light tease
  • 2 — proper roast
  • 3 — scorched earth

References

Read as needed:

  • references/design.md for roast heuristics and failure cases
  • docs/V2.md for the V2 architecture and package/runtime boundary
