Is gricha/workout safe?

https://github.com/openclaw/skills/tree/main/skills/gricha/workout

98
SAFE

This skill provides legitimate documentation for a workout tracking CLI tool with commands for logging exercises, managing profiles, and viewing fitness history. The skill contains only markdown documentation with no executable code, prompt injection attempts, or data exfiltration mechanisms.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

INFO System files accessed during installation 0

During skill installation, system processes accessed sensitive files like .env, SSH keys, and AWS credentials. This is normal behavior from SSH/git operations during the clone process, not from the skill itself.

LOW External binary dependency -5

The skill requires an external 'workout' binary to be installed. While not a security issue in the skill itself, this dependency should be verified if installing the actual workout CLI tool.

LOW CLI command documentation only -5

Skill provides only documentation for fitness tracking commands. Functionality depends on external workout binary which is outside skill scope.