Safety Report

Workout

Name: Workout
Rating: 5 (2 reviews)
Author: gricha

Track workouts, log sets, manage exercises and templates with workout-cli. Supports multi-user profiles. Use when helping users record gym sessions, view history, or analyze strength progression.

2,577Downloads

3Installs

2Stars

6Versions

File Management2,100 CLI & Shell Tools1,805 Customer Support1,744 Networking & DNS1,102

Security Analysis

high confidence

Clean

The skill is an instruction-only wrapper for a local 'workout' CLI and its requirements and instructions are consistent with the stated purpose.

Mar 7, 20261 files1 concern

Purpose & Capabilityok

The name/description match the runtime requirements: the SKILL.md instructs the agent to call a 'workout' CLI to track workouts, profiles, templates and history. There are no unrelated environment variables, binaries, or features requested that don't fit a workout-tracking CLI.

Instruction Scopeok

SKILL.md contains concrete CLI commands and clear rules for logging (add unknown exercises first, ask for weights, etc.). It does not instruct the agent to read arbitrary files, environment variables, or send data to unexpected external endpoints. The scope stays within using the 'workout' CLI and interacting with the user about workout data.

Install Mechanismnote

This is instruction-only with no install spec (lower risk). However the skill requires a local 'workout' binary whose source is unknown; the agent will attempt to execute that binary. The security of the skill therefore depends on the trustworthiness of the installed 'workout' executable (its origin, permissions, and behaviour).

Credentialsok

No environment variables, credentials, or config paths are requested. That is appropriate for a CLI-focused workout logging tool.

Persistence & Privilegeok

always is false and the skill does not request elevated or persistent system privileges. It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed by default (platform standard) but the skill does not request extra persistence.

Guidance

This skill is internally consistent, but before installing or using it: (1) Confirm you have a legitimate 'workout' CLI installed and know its origin (package source, checksum, or vendor). If the binary is unknown, an attacker could place a malicious executable named 'workout' so the agent executes it. (2) Inspect the 'workout' binary's permissions and where it stores data (home dir, ~/.config, etc.) and whether it makes network calls or uploads data. (3) If you want to limit risk, run the CLI manually first to verify behavior, or allow the skill only when explicitly invoked (disable autonomous use in agent settings). (4) Because the skill logs exercise data, avoid entering sensitive information into notes. If you want, provide the vendor/source of the 'workout' binary and I can reassess with higher confidence.

Latest Release

v1.1.0

Add multi-user profile support; add undo/edit/delete commands for logged sets

More by @gricha

Perry Workspaces

2 stars

Perry Coding Agents

2 stars

Dex Task Tracking

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Published by @gricha on ClawHub