Skill v3.2.0

ClawScan security

Ai Coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 12:48 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
Skill largely does what its description says (TP + Garmin based training plans) but contains multiple inconsistencies and risky choices (hardcoded third‑party API key, plaintext credential storage, references to other skills/paths and missing files) that merit caution before installing.
Guidance
This skill mostly does what it claims (generate daily triathlon plans using TrainingPeaks and Garmin), but it requires you to provide sensitive credentials and stores them in plaintext. Key concerns to consider before installing:

- Hardcoded API keys: send_daily_plan.py contains an embedded IMA client id and API key. If those are valid, the skill can post notes to IMA using that account; if they are leaked or revoked you should rotate them. Ideally the skill should read IMA credentials from your local config (as the SKILL.md suggests) rather than embedding keys.
- Plaintext credentials and token files: the code saves Garmin and TP credentials/tokens to local files (data/credentials.json, ~/.trainingpeaks/cookie, ~/.garmin_tokens, /tmp/garmin_test_token). That increases risk if other users/processes can read your filesystem. Prefer to store secrets in secure OS key stores or limit file permissions; inspect and, if possible, run in an isolated environment.
- Instructions ask you to extract a TrainingPeaks cookie using browser devtools; this is sensitive and error-prone. Consider using official OAuth flows or TrainingPeaks API tokens instead.
- Code/document mismatches and bugs: SKILL.md references a tp_client.py that is not present; tp_sync.py references an undefined AI_COACH_DIR; multiple modules hardcode a Python path (~/.miniconda3/bin/python3) and reference other skill directories. These indicate the package may be unmaintained or partially copied and could fail or behave unexpectedly.
- Mitigations: review the code locally before running; remove or replace hardcoded IMA keys; avoid storing passwords/cookies in plaintext (use environment variables or OS secret stores, and set restrictive file permissions); run the skill in a sandboxed account or container; rotate any credentials you upload to or generate for this skill; verify/replace the external TrainingPeaks/IMA integration with official OAuth if possible.
If you are not comfortable with these issues, do not install or run the skill with your real Garmin/TrainingPeaks credentials. If you decide to proceed, audit and modify the code to eliminate hardcoded secrets and to secure credential storage first.
Findings
[hardcoded-credential:IMA_APIKEY] unexpected: send_daily_plan.py contains hardcoded IMA_CLIENTID and IMA_APIKEY values; the SKILL.md earlier suggests reading IMA credentials from ~/.config/ima/ but code ignores that and uses embedded keys. Hardcoded third‑party API keys are unexpected and risk misuse or leakage.
[writes-credentials-to-disk] expected: The skill saves Garmin credentials and TrainingPeaks cookie to files (e.g., data/credentials.json, ~/.trainingpeaks/cookie, ~/.garmin_tokens). Persisting credentials is functionally needed for automated sync but storing them plaintext in skill data directories is a security concern and should be documented and hardened.
[executes-subprocess-external-scripts] expected: plan_engine.py and trainer.py call external TP scripts via subprocess/os.popen using a hardcoded Python binary path (~/.miniconda3/bin/python3) and a relative trainingpeaks-skill path. Calling helper scripts is reasonable but brittle (assumes other skill installed) and can execute unexpected code if paths are tampered with.
[references-other-skill-paths] unexpected: Multiple files reference other skill directories and workspace locations (TP_SKILL_DIR -> ../trainingpeaks-skill, cache file under ~/.openclaw/workspace/skills/self-evolution/...). These cross-skill path references are inconsistent with a standalone skill and may indicate copy/paste errors or accidental access to other skills' data.
[missing-file-call] unexpected: SKILL.md suggests a verification command 'tp_client.py' under the skill script path but that file is not present in the manifest; this mismatch suggests the documentation and provided code are out of sync.
[undefined-variable:AI_COACH_DIR] unexpected: tp_sync.py uses AI_COACH_DIR variable when writing outputs but AI_COACH_DIR is not defined in the file, indicating a likely bug that will cause runtime failures.

Review Dimensions

Purpose & Capability
note: Name/description match the code: modules sync TrainingPeaks and Garmin and generate plans. However, there are unexpected items: a hardcoded IMA client id/API key in send_daily_plan.py (not mentioned in the manifest as a required credential), references to another skill directory (trainingpeaks-skill) and to the ~/.openclaw workspace, and use of local files to store credentials. Some of these are plausible but not fully justified by the SKILL.md.
Instruction Scope
concern: SKILL.md tells users to extract a TrainingPeaks cookie via browser devtools and to save Garmin credentials; the code implements those flows. But SKILL.md calls a tp_client.py verification command that is not present in the file manifest (missing file). SKILL.md references reading/storing cookies and token dirs; the code reads/writes multiple credential/token files (e.g. ~/.trainingpeaks/cookie, data/credentials.json, ~/.garmin_tokens, /tmp/garmin_test_token, and a cache under ~/.openclaw). The instructions and code both direct collection and persistent storage of sensitive authentication material (cookies, cleartext passwords, tokens).
Install Mechanism
note: No install spec (instruction-only install), so no remote downloads are performed by an installer; that is lower risk. The code depends on external Python packages (garminconnect, garth) installed via pip per SKILL.md, which is expected for the purpose. However, the code assumes a specific Python at ~/.miniconda3/bin/python3 and executes other local scripts via subprocess/os.popen, which can be brittle and surprising.
Credentials
concern: Registry metadata declares no required env vars, but the runtime expects/suggests storing secrets in files or env vars (TP cookie file or TP_AUTH_COOKIE env var; GARMIN_EMAIL/GARMIN_PASSWORD env vars or user_config.json). The code also contains a hardcoded IMA_CLIENTID and IMA_APIKEY embedded in send_daily_plan.py; those are sensitive and not explained. Credentials are saved in plaintext under skill data directories and tmp files; this level of persistent credential access is significant and should be justified explicitly.
Persistence & Privilege
concern: The skill writes and reads persistent files (credential files, token caches, activity and cache JSONs) under multiple locations (~/.trainingpeaks, ~/.garmin_tokens, the skill 'data/' directory, /tmp/garmin_test_token, the ~/.openclaw workspace path). It also references and updates config.json in the skill directory. always:false (not force-included) and autonomous invocation allowed (platform default). Persisting credentials and tokens across runs increases the blast radius if those files are compromised.