Lovefromio Garmin Connect

Security checks across malware telemetry and agentic risk

Overview

This Garmin health-data sync does what it broadly claims, but it is rated Review because it collects account credentials unsafely (email and password on the command line) and stores sensitive health and session data with weak scoping and little disclosure.

Install only if you are comfortable granting Garmin account access and storing detailed health data locally. Do not pass your Garmin password on the command line, and do not disable 2FA to make the login work; prefer a safer auth flow, or edit the scripts first. Protect ~/.garth/session.json and any cache files (owner-only permissions, excluded from backups and version control), avoid the /tmp export/dashboard scripts unless you accept local plaintext health-data exposure, and remove the hard-coded personal email and /home/mamotec paths before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (21)

MCP Least Privilege

Medium
Confidence
78% confidence
Finding
The skill documentation describes file read/write behavior and local caching, but the skill metadata does not declare corresponding permissions. Undeclared capabilities reduce transparency and informed consent, especially for a skill handling sensitive health data and scheduled syncs. In this context, the mismatch is risky because users may not realize the skill writes persistent data to disk.

MCP Tool Poisoning

High
Confidence
91% confidence
Finding
The documented behavior does not match the broader capabilities identified by analysis: direct credential entry, 30 days of historical health-data processing, exports to /tmp, and inclusion of a specific personal email in instructions. This is dangerous because users may consent to a narrow OAuth sync but actually expose credentials and a much larger volume of sensitive health information than advertised. For a health-data integration, scope expansion and credential collection materially increase privacy and security risk.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The README claims the integration uses OAuth, but the documented authentication flow asks the user to provide their email and password directly on the command line. That is a dangerous mismatch because it encourages credential harvesting patterns, bypasses user expectations of a browser-based OAuth flow, and exposes secrets via shell history, process listings, and logs.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script prints a specific personal email address in authentication instructions, unnecessarily disclosing personal identifying information unrelated to the generic function of OAuth setup. In a shared repository, logs, screenshots, or terminal history, this leaks private account details and can aid phishing or account-targeting against the identified Garmin user.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script requires users to provide their Garmin email and password as command-line arguments, which commonly exposes credentials through shell history, process listings, logging, and monitoring tools. In the context of a skill advertised as using OAuth for periodic sync, collecting raw credentials is unnecessary and materially increases credential-handling risk.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module header claims this is an OAuth authentication setup, but the implementation performs direct username/password login and stores a session file. This mismatch can mislead reviewers and users into trusting the script with credentials under false assumptions, which is especially risky for a skill whose stated purpose is OAuth-only synchronization.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The function docstring says it will authenticate and save an OAuth session, but it actually logs in with the user's raw password. Misrepresenting credential use reduces informed consent and may cause unsafe deployment in environments that permit token storage but prohibit password handling.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script goes beyond a sync-only integration by generating an HTML dashboard and exporting 30 days of detailed health data to predictable local files under /tmp. This increases the data exposure surface for highly sensitive fitness and health information, especially on multi-user systems or environments where temporary files are accessible, backed up, or inspected by other processes.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script hard-codes a personal email address in the OAuth setup instructions, exposing personal identifying information unrelated to the skill’s core syncing function. This creates unnecessary privacy leakage and may mislead users into authenticating against someone else’s account context or reveal the author’s identity for targeting.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Passing a Garmin email and password as command-line arguments is unsafe because those values may be exposed through shell history, system process tables, monitoring tools, and crash/debug logs. In a skill handling health-related account access, this creates a realistic path to credential compromise and downstream account takeover.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README promotes automatic 5-minute syncing of sensitive fitness data such as heart rate, sleep, and workouts, but does not clearly warn users about continuous collection and local caching of personal health information. In this context, the missing privacy disclosure increases the risk of users unintentionally storing or exposing sensitive data on shared or poorly secured systems.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill syncs and caches sensitive health data on a recurring 5-minute schedule, but the description lacks a clear warning about the sensitivity, persistence, and local storage of that data. This is dangerous because users may unknowingly create an always-on repository of detailed biometric and activity information that could be exposed through local compromise, backups, or multi-user systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The setup instructions tell users to pass Garmin email and password on the command line without an explicit warning about credential exposure. Command-line credentials can leak through shell history, process listings, logs, or terminal recording, making account compromise more likely. This is especially sensitive for an account tied to private health data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persists an authenticated Garmin session to a fixed file path on disk without clearly warning the user that this file contains sensitive reusable session state. If the file is readable by other local users, copied into backups, or accidentally committed, an attacker may reuse the session to access the user's Garmin account data.

Missing User Warnings

High
Confidence
99% confidence
Finding
Accepting and even demonstrating password entry on the command line is a well-known secret-handling flaw because the password may be exposed in terminal history, process tables, crash reports, CI logs, or remote execution telemetry. Since this script targets recurring access to personal fitness data, compromise of the account could also expose sensitive health-related information and persistent session access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script saves an authenticated session token to disk under the user's home directory without warning about its sensitivity or ensuring restrictive permissions. If that file is read by another local user, included in backups, or exfiltrated by malware, an attacker may gain ongoing access without needing the original password.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script writes raw JSON and dashboard files containing sensitive health data, including sleep, heart rate, workouts, and activity summaries, to /tmp without clearly warning the user beforehand. This is dangerous because temporary directories are commonly accessible to other local users, processes, container sidecars, or support tooling, turning private health telemetry into locally exposed plaintext data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script stores sensitive health and activity data, including heart rate, sleep, workouts, and calories, in a local cache file without restricting permissions or clearly informing the user. Because the cache path is configurable and defaults to /tmp, this increases the chance of unintended disclosure to other local users, processes, or backup/logging systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script prints the full synced Garmin dataset to stdout, which may include sensitive health information and workout details. In agent or automation environments, stdout is often captured by logs, terminals, orchestrators, or monitoring systems, causing secondary disclosure beyond the intended user.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes highly sensitive health and activity data (sleep, heart rate, workouts, calories) to a predictable local file path without any consent prompt, warning, permission hardening, or retention controls. In an agent skill context that syncs every 5 minutes, this creates an ongoing local privacy exposure where other local users, processes, backups, or log collectors may access intimate fitness data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Printing the full Garmin dataset to stdout exposes sensitive personal health information to any parent process, terminal history capture, CI/job logs, agent transcripts, or observability tooling that records command output. Because this is an integration skill likely invoked automatically, stdout disclosure is especially risky since users may not realize their fitness and sleep data is being propagated beyond the local script.
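The findings above flag three recurring patterns: the Garmin password taken from argv, the session file written to a fixed path with default permissions, and 30 days of health data exported to predictable files under /tmp (plus the full dataset echoed to stdout). The following is an added example, not code from the skill or from the garth library, showing how a sync script can handle the same steps safely on a POSIX system: credentials come from an interactive prompt or the environment rather than argv, secret-bearing files are created with mode 0600 inside a 0700 directory via an atomic temp-file write, exports go to a per-user cache directory instead of /tmp, and only record counts are printed. The environment variable names, the ~/.cache/garmin-sync location and the constructed sample data are assumptions for illustration; no real login is performed.

```python
"""Hardened handling for credentials, session state and exports.

Added example, not the skill's own code and not garth's API. GARMIN_EMAIL /
GARMIN_PASSWORD, the ~/.cache/garmin-sync directory and the sample data are
assumptions for illustration. POSIX permission semantics are assumed.
"""
import getpass
import json
import os
import stat
import tempfile
from pathlib import Path

PRIVATE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def get_credentials(env=None, ask=input, ask_secret=getpass.getpass):
    """Collect email/password without ever placing them on argv.

    On Linux /proc/<pid>/cmdline is world-readable and shell history records
    the command, so argv is the worst place for a password. A getpass prompt
    avoids both. Environment variables are accepted as a fallback for
    unattended runs: /proc/<pid>/environ is readable only by the same uid or
    root, so they are still a large improvement over argv.
    """
    env = os.environ if env is None else env
    email = env.get("GARMIN_EMAIL") or ask("Garmin email: ")
    password = env.get("GARMIN_PASSWORD") or ask_secret("Garmin password: ")
    return email, password


def write_private_json(path, data):
    """Atomically write JSON that only the owner can read.

    mkstemp creates the temporary file with mode 0600 regardless of umask and
    os.replace keeps that mode, so the data is never world-readable, not even
    briefly. The parent directory is forced to 0700 as well.
    """
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return path


def audit_private_file(path):
    """Return a list of problems with a secret-bearing file (empty = OK).

    Checks both the file and its parent directory for group/other access,
    which is exactly the exposure the session-file findings describe.
    """
    path = Path(path)
    problems = []
    for p in (path, path.parent):
        mode = p.stat().st_mode
        if mode & PRIVATE_BITS:
            problems.append(f"{p}: mode {stat.filemode(mode)} grants group/other access")
    return problems


def private_export_dir(home=None):
    """Per-user 0700 directory to use instead of predictable /tmp/*.json."""
    d = Path(home or Path.home()) / ".cache" / "garmin-sync"
    d.mkdir(parents=True, exist_ok=True)
    os.chmod(d, 0o700)  # mkdir's mode is subject to umask; force it
    return d


def export_snapshot(snapshot, home=None):
    """Write a sync snapshot into the private export dir and return its path."""
    return write_private_json(private_export_dir(home) / "snapshot.json", snapshot)


def stdout_summary(snapshot):
    """What to print instead of the full dataset: record counts per field."""
    return {k: (len(v) if isinstance(v, (list, dict)) else 1) for k, v in snapshot.items()}


if __name__ == "__main__":
    # Constructed sample data; a throwaway HOME so a real ~/.garth is untouched.
    home = Path(tempfile.mkdtemp())
    session = {"oauth1_token": "example", "oauth2_token": "example"}
    snapshot = {"sleep": [{"date": "2024-01-01"}], "heart_rate": [70, 72, 68], "steps": 5000}
    session_path = write_private_json(home / ".garth" / "session.json", session)
    export_path = export_snapshot(snapshot, home)
    print("session audit:", audit_private_file(session_path) or "ok")
    print("export audit:", audit_private_file(export_path) or "ok")
    print("synced:", stdout_summary(snapshot))  # counts only, never the records
```

The audit function is worth running against an existing ~/.garth/session.json before trusting a machine with the skill: a non-empty result means another local account, a backup agent, or a sidecar process can already read reusable Garmin session state. On Windows the POSIX mode bits do not carry the same meaning, so the permission checks above would need to be replaced by ACL checks.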

VirusTotal

66/66 vendors reported this skill as clean. Antivirus verdicts cover known malware signatures, not the design weaknesses listed above (credential handling, file permissions, data exposure), so a clean VirusTotal result does not contradict the Review rating.
