← 返回 Skills 市场
My Fitness Claw
作者
Serg010101
· GitHub ↗
· v1.7.0
916
总下载
2
收藏
1
当前安装
18
版本数
在 OpenClaw 中安装
/install my-fitness-claw
功能描述
Your personal nutrition sidekick. Log meals in plain natural language, track macros (P/C/F) automatically, and visualize your progress on a beautiful real-ti...
安全使用建议
This skill is coherent with its stated purpose, but it stores personal meal data in workspace files and the agent memory directory. Before using or publishing: (1) review and back up any existing memory/ or nutrition/ files you care about; (2) understand that the dashboard loads Chart.js from a public CDN when opened in a browser; (3) if you plan to share the skill, follow the included publishing checklist to sanitize daily_macros.json, offline_data.js, insights.json, targets.json, and memory/ to avoid leaking personal information.
功能分析
Type: OpenClaw Skill
Name: my-fitness-claw
Version: 1.7.0
The skill's core functionality for nutrition tracking appears benign. However, the `SKILL.md` file contains a prompt injection instruction under 'Workflow: Logging Food' (Step 6) that tells the agent (or implicitly, the user) to `Run python -m http.server 8000 from the workspace root`. This instruction, if executed, leads to arbitrary command execution and exposes the entire OpenClaw workspace via a local web server, posing a significant information disclosure risk. While the stated purpose is for convenient offline dashboard access, this method is a severe vulnerability due to its broad scope and potential for misuse, classifying the skill as suspicious rather than benign.
能力评估
Purpose & Capability
Name and description (nutrition logging, macros/micros, dashboard) match the declared tools (canvas, read, write, edit) and the files present (nutrition/, canvas/, assets/). There are no unrelated binaries or external credentials requested.
Instruction Scope
Instructions direct the agent to read/write JSON under assets/nutrition/ and to write an offline mirror (assets/canvas/offline_data.js) and a memory file (memory/YYYY-MM-DD.md). This is consistent with a logging/dashboard skill, but it does mean the agent will persist user-provided meal data into workspace files and the agent memory directory as part of normal operation.
Install Mechanism
No install spec; the skill is instruction-only with small static assets and an offline_data.js mirror. The only external resource is Chart.js pulled from jsdelivr when the dashboard is opened in a browser, which is expected for a web dashboard.
Credentials
The skill requests no environment variables or external credentials. It declares the exact paths it will touch (nutrition/, canvas/, memory/), and the SKILL.md uses only those paths.
Persistence & Privilege
always is false and model invocation is allowed (defaults). The skill writes its own assets and memory files (normal for a local logging skill). It does not request permanent platform-wide privileges or modify other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install my-fitness-claw - 安装完成后,直接呼叫该 Skill 的名称或使用
/my-fitness-claw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.7.0
Added automatic micronutrient tracking based on 32yo male averages and general improvements.
v1.6.0
Fixed 7-day history sync issue in dashboard
v1.5.0
Redesigned history cards, added daily meal log breakdown, improved XSS safety, and implemented offline mirror fallback.
v1.4.1
Separated personal data from public distribution
v1.4.0
Added Today's Log tab, meal categorization, and timezone support
v1.3.1
Security: Removed personal data from template files
v1.3.0
General updates and bug fixes
v1.2.5
Security fix: Completely decoupled data from code to eliminate RCE risk. Dashboard now fetches data from JSON files.
v1.2.4
Privacy fix: Removed personal data from template files.
v1.2.3
Explicitly use workspace root paths for user data persistence.
v1.2.2
Security fix: Removed exec dependency and replaced sync script with native tool injection.
v1.2.1
Security: Removed exec requirement and replaced script-based sync with native edit tool logic to resolve suspicious classification.
v1.2.0
Fix XSS vulnerability in dashboard by using textContent for insights
v1.1.2
Addressed security feedback: added node binary requirement, restricted paths, and made script paths relative to skill folder.
v1.1.1
Added automatic UI sync script and updated workflow.
v1.1.0
- Added a README.md file for improved documentation and onboarding.
- Updated SKILL.md with a new, more user-friendly description that highlights natural language logging, real-time dashboard, and chat control.
- No changes to workflow or functionality; documentation and description enhancements only.
v1.0.1
- Added a `requires` section specifying needed tools and file paths for improved integration.
- Updated workflow steps for logging food, clarifying the tool usage (`write`, `edit`, `canvas`) in each step.
- Emphasized checking the common foods list before estimating macros.
- Refined dashboard update instructions, specifying API usage for presenting and syncing data.
- Cleaned up language for clearer guidance throughout the SKILL.md file.
v1.0.0
Initial release of MyFitnessClaw.
- Track daily nutrition (calories, protein, carbs, fats) with a structured log.
- Manage and update personal macro targets.
- View progress and insights on a visual macro dashboard.
- Log foods quickly, with automatic macro estimation if needed.
- Receive AI-driven health tips based on your current progress.
元数据
常见问题
My Fitness Claw 是什么?
Your personal nutrition sidekick. Log meals in plain natural language, track macros (P/C/F) automatically, and visualize your progress on a beautiful real-ti... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 916 次。
如何安装 My Fitness Claw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install my-fitness-claw」即可一键安装,无需额外配置。
My Fitness Claw 是免费的吗?
是的,My Fitness Claw 完全免费(开源免费),可自由下载、安装和使用。
My Fitness Claw 支持哪些平台?
My Fitness Claw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 My Fitness Claw?
由 Serg010101(@serg010101)开发并维护,当前版本 v1.7.0。
推荐 Skills