← 返回 Skills 市场
88
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install trainer-buddy-pro
功能描述
Your AI personal trainer that creates custom workouts from your gym photo, tracks progress and PRs, adapts training splits and exercises around injuries, and...
安全使用建议
Trainer Buddy Pro appears to implement its core feature set locally and includes well-documented prompt-injection defenses and a reasonably safe backup script. Before installing: (1) If you require strict local-only guarantees, do not enable or build the dashboard/Sync features — the dashboard artifacts show how data could be pushed to a cloud DB if you choose to deploy them. (2) Review the dashboard-kit and any Supabase/remote deployment steps before providing any DB/API credentials; the core skill does not need them. (3) Keep the data/ directory permissions tight (chmod 700 for directory, 600 for files) as recommended, and consider disk-level encryption for health-related data. (4) Confirm the agent implementation actually enforces the SKILL.md prompt-injection rules (the SKILL.md contains defensive text, but enforcement depends on the host). (5) If you do want the dashboard, plan to audit any additional code you add for network calls and credentials handling. The package is coherent for local use but has optional components that expand scope — proceed with caution and explicit opt-in for any cloud sync.
功能分析
Type: OpenClaw Skill
Name: trainer-buddy-pro
Version: 1.0.0
The skill bundle includes a shell script (`scripts/backup-workout-data.sh`) that performs automated file deletions (`rm -rf`) and uses recursive path discovery to locate the workspace root, which is a high-risk capability in an agentic environment. Furthermore, the `dashboard-kit/manifest.json` and `DASHBOARD-SPEC.md` define a synchronization mechanism that exports the entire `data/` directory—containing sensitive personal health information and injury logs—to external cloud databases (Supabase). While the bundle includes a self-authored security audit (`CODEX-SECURITY-AUDIT.md`) and explicit prompt-injection defenses in `SKILL.md`, the combination of shell-based file management and the potential for sensitive data exfiltration via the dashboard sync qualifies as suspicious.
能力评估
Purpose & Capability
Primary purpose (generate workouts from gym photos, track PRs and user profile stored in local JSON files) matches the files and runtime instructions. No environment variables, binaries, or downloads are required. However, the included dashboard-kit and dashboard spec describe optional cloud/database sync (Supabase/Postgres) and a manifest that can read the skill's data directory; this contradicts the strong ‘no data exfiltration’ claims in README/SECURITY.md and the advertised guarantee that data never leaves the machine.
Instruction Scope
SKILL.md is specific about actions (use vision tool to detect equipment, read/write data/user-profile.json, generate workouts) and includes an explicit prompt-injection defense. Instructions to read and update local data files are appropriate. The concern is that some repository files (dashboard-kit, dashboard spec, SQL schema) provide explicit instructions and artifacts for pushing data into a cloud database if a user chooses to build the dashboard — expanding the runtime scope beyond strictly local usage if the user opts into that path.
Install Mechanism
No install spec or remote downloads. SETUP-PROMPT.md is an instruction-only copy-and-permission workflow (copy config/script into workspace, create data/). scripts/backup-workout-data.sh is present and uses safe patterns (audit notes indicate prior unsafe patterns were fixed). No evidence of arbitrary remote code fetch or execution in install steps.
Credentials
The skill requires no environment variables or credentials by default (consistent with the trainer functionality). However, optional artifacts (dashboard-spec, SQL schemas, and dashboard manifest) imply a possible cloud/dashboard integration that would require DB credentials or API keys if deployed — these are not required but would be necessary to enable the dashboard. The README/SECURITY.md claim of 'no data exfiltration' is therefore conditional on not enabling the dashboard; that subtlety is not emphasized consistently.
Persistence & Privilege
The package does not request elevated or always-on privileges. always is false and the skill does not modify other skills or system-wide settings. Its runtime behavior is limited to reading/writing within its own skill/data directory and an included backup script that writes backups under skills/trainer-buddy-pro/backups. The setup/uninstall steps operate at the skill directory level only.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trainer-buddy-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/trainer-buddy-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
trainer-buddy-pro 是什么?
Your AI personal trainer that creates custom workouts from your gym photo, tracks progress and PRs, adapts training splits and exercises around injuries, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 88 次。
如何安装 trainer-buddy-pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trainer-buddy-pro」即可一键安装,无需额外配置。
trainer-buddy-pro 是免费的吗?
是的,trainer-buddy-pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
trainer-buddy-pro 支持哪些平台?
trainer-buddy-pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 trainer-buddy-pro?
由 Nollio(@nollio)开发并维护,当前版本 v1.0.0。
推荐 Skills