← 返回 Skills 市场
RUNSTR Fitness
作者
TheWildHustle
· GitHub ↗
· v1.0.0
1575
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install runstr-fitness
功能描述
Give your AI agent access to your health and fitness data from RUNSTR. Fetches workouts, habits, journal entries, mood, steps, and more from Nostr. Use when the user asks about their workouts, fitness history, health habits, mood tracking, or wants AI fitness coaching based on real data.
安全使用建议
This skill appears to do what it says (read and decrypt RUNSTR backups on Nostr), but it requires you to hand over your Nostr private key (nsec). Sharing that key lets anyone act as your Nostr identity (post/sign) and read any encrypted data for that identity. Before installing or using this skill:
- Do not paste your primary/personal nsec into a public or third-party chat. Create a dedicated RUNSTR/Nostr identity for fitness backups and use that account's nsec instead.
- Prefer decrypting locally yourself (install nak locally and run the commands in a terminal you control) instead of sending the secret to an agent.
- If you must use the agent, verify how it handles secrets (will it store logs? are transcripts retained?), ask for explicit ephemeral-input handling, and insist it deletes the secret after use.
- Verify the nak repo and consider pinning to a known commit or release rather than installing @latest. Inspect the binary source if possible.
- Consider manual review of the decrypted backup before allowing the agent to use it for coaching; redact any content you don't want the agent to see.
If you cannot follow these precautions, avoid providing your nsec to the agent.
功能分析
Type: OpenClaw Skill
Name: runstr-fitness
Version: 1.0.0
The skill requires the user to provide their highly sensitive Nostr private key (nsec) to the AI agent for decrypting fitness data. While the skill explicitly states the nsec is not stored, logged, or transmitted, and the provided code snippets (using `nak` and a Node.js script in SKILL.md) show it being used locally for decryption, the handling of such a critical credential by an AI agent is a significant security risk. There is no clear evidence of malicious intent like exfiltration or persistence, but the inherent risk of processing a private key warrants a 'suspicious' classification.
能力评估
Purpose & Capability
The skill claims to read encrypted RUNSTR backups from Nostr and its runtime instructions require the 'nak' tool and the user's Nostr private key (nsec) to decrypt kind 30078 messages — this is coherent and proportionate to the stated goal.
Instruction Scope
Runtime instructions explicitly tell the agent to accept the user's nsec via conversation ("Tell your bot: Here's my RUNSTR nsec: nsec1...") and run shell commands that decode/decrypt it. The SKILL.md asserts the nsec is never stored, logged, or transmitted, but gives no concrete steps to ensure deletion, avoid logging, or prevent accidental exfiltration. The Node fallback writes a script to /tmp. These instructions put a very sensitive secret into agent-handled channels without enforced safeguards.
Install Mechanism
Installation uses a standard Go install: 'go install github.com/fiatjaf/nak@latest', which builds a binary ('nak') from the GitHub repo. This is a common approach for Go tools but still runs unpinned code from a third‑party repo on the host. Recommend pinning to a release commit or verifying the repo before running.
Credentials
No environment variables or config paths are requested, which is consistent. The skill requires the user's Nostr private key (nsec) provided interactively — this is necessary to decrypt RUNSTR backups but is extremely sensitive. The skill does not request unrelated credentials, so the requested access is proportional, but the mechanism of providing the secret (chat paste) raises privacy and misuse concerns.
Persistence & Privilege
The skill does not request 'always: true', does not declare persistent system changes, and has no install steps that modify other skills or system-wide agent configs. It installs a single binary ('nak') via the Go toolchain; nothing indicates it will persist beyond the installed tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install runstr-fitness - 安装完成后,直接呼叫该 Skill 的名称或使用
/runstr-fitness触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
RUNSTR Fitness 是什么?
Give your AI agent access to your health and fitness data from RUNSTR. Fetches workouts, habits, journal entries, mood, steps, and more from Nostr. Use when the user asks about their workouts, fitness history, health habits, mood tracking, or wants AI fitness coaching based on real data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1575 次。
如何安装 RUNSTR Fitness?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install runstr-fitness」即可一键安装,无需额外配置。
RUNSTR Fitness 是免费的吗?
是的,RUNSTR Fitness 完全免费(开源免费),可自由下载、安装和使用。
RUNSTR Fitness 支持哪些平台?
RUNSTR Fitness 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 RUNSTR Fitness?
由 TheWildHustle(@thewildhustle)开发并维护,当前版本 v1.0.0。
推荐 Skills