ClawHub

Pipeworx wger

v1.0.0

Access a detailed exercise database with muscle groups, equipment info, and instructions to build and manage workout routines.

0· 5·0 current·0 all-time
byBruce Gutman@brucegutman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (exercise database, muscles, equipment, routines) match the SKILL.md: the only actions are listing muscles/equipment and fetching exercises via an external JSON-RPC endpoint. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to calling the pipeworx gateway API (https://gateway.pipeworx.io/wger/mcp) with JSON-RPC 'tools/call' methods. The SKILL.md does not instruct reading local files, other env vars, or sending data to unexpected endpoints.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only and does not write anything to disk or install packages.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a read-only API client; however, the SKILL.md does communicate with an external service (gateway.pipeworx.io) so any data the agent sends will go to that endpoint.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request persistent presence or elevated privileges and does not modify other skills' configurations.
Assessment
This skill is internally consistent and appears to just proxy queries to an external workout database at gateway.pipeworx.io. Before using it: (1) consider privacy — any queries (including workout details or text you provide) will be sent to that external endpoint; (2) confirm the gateway's trustworthiness or look for an official homepage/source (none is listed); (3) because no credentials are declared, expect the service to accept unauthenticated calls or to require undocumented keys — be cautious about providing secrets; (4) keep it user-invocable (don’t enable always:true) and test it with non-sensitive inputs first. If you need higher assurance, ask the publisher for a source repository or a privacy/security policy for gateway.pipeworx.io.

Like a lobster shell, security has layers — review code before you run it.

latestvk977rdzkbny50gaa40s4v8sgz584yk2q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments