Skill v1.0.2

ClawScan security

Lovefromio Garmin Connect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 27, 2026, 2:05 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (sync Garmin data) but has several inconsistencies and risky instructions (password-on-CLI, advice to disable 2FA, missing dependency in requirements, hardcoded example paths/emails) that warrant caution before installing.
Guidance
This skill appears to implement Garmin sync functionality, but exercise caution before installing or running it:

- Do not pass your Garmin password on the command line where it can be viewed by other processes; prefer browser-based OAuth (garth-cli) as described in some scripts.
- The SKILL.md and scripts suggest disabling 2FA or using an app password. Do not disable 2FA for your primary account; instead create/apply an app-specific token if Garmin supports it, or use the browser OAuth flow.
- The requirements.txt omits the 'garth' dependency used in code. When installing, explicitly install garth/garth-cli and verify package sources.
- Review and, if needed, change hardcoded paths and example emails in scripts (e.g., /home/mamotec/, moritz.vogt@vogges.de) before running; they are developer leftovers and not suitable for production.
- Session and cache files are written to ~/.garth/session.json and ~/.clawdbot/.garmin-cache.json; ensure those files have appropriate filesystem permissions and consider storing them in a secure directory.
- If you are not comfortable inspecting or modifying Python scripts, run this in an isolated environment (VM/container) and inspect network behavior. Prefer the garth-cli/browser OAuth path rather than the username/password script.

What would change this assessment: a clear, trusted upstream source (homepage or repo), a corrected requirements.txt that lists all runtime dependencies, removal of advice to disable 2FA, and removal of hardcoded developer-specific credentials/paths. With those fixes the skill would likely be classified as benign.

Review Dimensions

Purpose & Capability (note)
Files and scripts implement Garmin data sync and caching (OAuth / garth + garminconnect), which matches the stated purpose. However, the repository mixes two auth approaches (browser-based OAuth guidance alongside a username/password login script), and requirements.txt omits the 'garth' dependency that many scripts import. Hardcoded example paths and email addresses (e.g., /home/mamotec/.garth/session.json, moritz.vogt@vogges.de) are leftover developer artifacts and are not required for the stated feature.
Instruction Scope (concern)
SKILL.md and scripts instruct the user to run an authentication script with email and password on the command line (python3 scripts/garmin-auth.py <email> <password>) and even suggest disabling 2FA; these broaden the scope to collecting sensitive credentials and encourage insecure practices. Scripts read/write local session and cache files (e.g., ~/.garth/session.json, ~/.clawdbot/.garmin-cache.json), which is expected, but instructions are inconsistent about using OAuth/browser login vs. username/password and include hardcoded user-specific instructions.
Install Mechanism (note)
No install spec (instruction-only skill). It relies on pip installing requirements.txt, which lists garminconnect/requests/dateutil but omits 'garth'/'garth-cli', which many scripts require. That mismatch may lead users to run manual installs; otherwise there is no remote download or archive-extract behavior in the install metadata.
Credentials (concern)
The skill declares no required environment variables or credentials, yet its runtime requires sensitive authentication (Garmin credentials or a browser OAuth session). The SKILL.md explicitly instructs supplying email/password on the CLI and advises disabling 2FA, which is disproportionate and insecure. There are also hardcoded example email and home paths embedded in scripts, which leak developer-specific identifiers and could mislead users.
Persistence & Privilege (ok)
The skill stores session and cache files in user-local paths (~/.garth and ~/.clawdbot), which is consistent with a sync tool. It does not request 'always: true', does not modify other skills, and has no system-wide install behavior in the manifest. Autonomous invocation is allowed, but that is the platform default.