← Back to Skills Marketplace
RUNSTR Fitness
by
TheWildHustle
· GitHub ↗
· v1.0.0
1575
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install runstr-fitness
Description
Give your AI agent access to your health and fitness data from RUNSTR. Fetches workouts, habits, journal entries, mood, steps, and more from Nostr. Use when the user asks about their workouts, fitness history, health habits, mood tracking, or wants AI fitness coaching based on real data.
Usage Guidance
This skill appears to do what it says (read and decrypt RUNSTR backups on Nostr), but it requires you to hand over your Nostr private key (nsec). Sharing that key lets anyone act as your Nostr identity (post/sign) and read any encrypted data for that identity. Before installing or using this skill:
- Do not paste your primary/personal nsec into a public or third-party chat. Create a dedicated RUNSTR/Nostr identity for fitness backups and use that account's nsec instead.
- Prefer decrypting locally yourself (install nak locally and run the commands in a terminal you control) instead of sending the secret to an agent.
- If you must use the agent, verify how it handles secrets (will it store logs? are transcripts retained?), ask for explicit ephemeral-input handling, and insist it deletes the secret after use.
- Verify the nak repo and consider pinning to a known commit or release rather than installing @latest. Inspect the binary source if possible.
- Consider manual review of the decrypted backup before allowing the agent to use it for coaching; redact any content you don't want the agent to see.
If you cannot follow these precautions, avoid providing your nsec to the agent.
Capability Analysis
Type: OpenClaw Skill
Name: runstr-fitness
Version: 1.0.0
The skill requires the user to provide their highly sensitive Nostr private key (nsec) to the AI agent for decrypting fitness data. While the skill explicitly states the nsec is not stored, logged, or transmitted, and the provided code snippets (using `nak` and a Node.js script in SKILL.md) show it being used locally for decryption, the handling of such a critical credential by an AI agent is a significant security risk. There is no clear evidence of malicious intent like exfiltration or persistence, but the inherent risk of processing a private key warrants a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The skill claims to read encrypted RUNSTR backups from Nostr and its runtime instructions require the 'nak' tool and the user's Nostr private key (nsec) to decrypt kind 30078 messages — this is coherent and proportionate to the stated goal.
Instruction Scope
Runtime instructions explicitly tell the agent to accept the user's nsec via conversation ("Tell your bot: Here's my RUNSTR nsec: nsec1...") and run shell commands that decode/decrypt it. The SKILL.md asserts the nsec is never stored, logged, or transmitted, but gives no concrete steps to ensure deletion, avoid logging, or prevent accidental exfiltration. The Node fallback writes a script to /tmp. These instructions put a very sensitive secret into agent-handled channels without enforced safeguards.
Install Mechanism
Installation uses a standard Go install: 'go install github.com/fiatjaf/nak@latest', which builds a binary ('nak') from the GitHub repo. This is a common approach for Go tools but still runs unpinned code from a third‑party repo on the host. Recommend pinning to a release commit or verifying the repo before running.
Credentials
No environment variables or config paths are requested, which is consistent. The skill requires the user's Nostr private key (nsec) provided interactively — this is necessary to decrypt RUNSTR backups but is extremely sensitive. The skill does not request unrelated credentials, so the requested access is proportional, but the mechanism of providing the secret (chat paste) raises privacy and misuse concerns.
Persistence & Privilege
The skill does not request 'always: true', does not declare persistent system changes, and has no install steps that modify other skills or system-wide agent configs. It installs a single binary ('nak') via the Go toolchain; nothing indicates it will persist beyond the installed tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install runstr-fitness - After installation, invoke the skill by name or use
/runstr-fitness - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is RUNSTR Fitness?
Give your AI agent access to your health and fitness data from RUNSTR. Fetches workouts, habits, journal entries, mood, steps, and more from Nostr. Use when the user asks about their workouts, fitness history, health habits, mood tracking, or wants AI fitness coaching based on real data. It is an AI Agent Skill for Claude Code / OpenClaw, with 1575 downloads so far.
How do I install RUNSTR Fitness?
Run "/install runstr-fitness" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RUNSTR Fitness free?
Yes, RUNSTR Fitness is completely free (open-source). You can download, install and use it at no cost.
Which platforms does RUNSTR Fitness support?
RUNSTR Fitness is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created RUNSTR Fitness?
It is built and maintained by TheWildHustle (@thewildhustle); the current version is v1.0.0.
More Skills