Garmin MCP
Pass
Audited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill
Name: garmin-mcp
Version: 0.1.1
The skill bundle provides documentation and setup instructions for integrating Garmin Connect data via the Model Context Protocol (MCP). The SKILL.md file outlines standard installation procedures using 'npx -y garmin-mcp-unofficial' and includes proactive safety guidelines that advise against storing credentials in configuration files, recommending local token management instead. No malicious patterns, data exfiltration logic, or harmful prompt injections were identified; the instructions are consistent with the stated purpose of health data integration (https://github.com/davidmosiah/garminmcp).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup will execute code from an external package, so a compromised or mistaken package could affect the local environment.
The setup runs an external npm package with automatic yes behavior and no pinned version in the artifact. This is purpose-aligned for installing an MCP connector, but the package code is not included in the reviewed artifacts.
`npx -y garmin-mcp-unofficial setup`
Verify the npm package and linked GitHub repository before running the npx commands, and consider pinning a trusted version.
Garmin tokens could allow access to personal wellness and activity data if exposed or mishandled.
The skill expects Garmin account authentication and persistent local token storage. That is expected for a Garmin connector, but it grants access to a sensitive personal account.
Garmin credentials should never be placed in MCP client config. Use the local helper/token flow and keep tokens under ~/.garmin-mcp/.
Use the documented local token flow, keep tokens out of shared configs and chats, and remove/revoke tokens when no longer needed.
Private health and activity information may be visible to the agent and could be included in responses if the user or agent requests it.
These agent surfaces can bring private health and fitness data into an MCP-compatible agent's context. The skill acknowledges this with guidance not to print private user data.
Body Battery; training readiness; HRV; sleep; stress; activities
Only connect accounts you intend the agent to read, request privacy audits/status checks first, and avoid sharing outputs that contain private wellness data.
If an agent uses live tools without user review, it could make unwanted provider calls or changes.
The skill anticipates live provider calls and possible writes, but also instructs safer status and dry-run checks first. The artifacts do not show unsafe automatic execution.
Prefer connection_status, manifest, doctor, privacy_audit, or dry-run surfaces before any write or live provider call.
Require explicit user approval for any write or live provider action, and use dry-run or audit tools before allowing changes.
