Back to skill
Skillv1.0.2
VirusTotal security
Lovefromio Garmin Connect · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 2:31 AM
- Hash
- 55961c1639075a7f9dda4d64a8a59af914164d1b377be2854eb73adff3b61b59
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lovefromio-garmin-connect Version: 1.0.2 The skill bundle contains multiple scripts with hardcoded personal information and environment-specific paths, notably the email 'moritz.vogt@vogges.de' and the home directory '/home/mamotec/' in garmin-auth-oauth.py, garmin-cron.sh, and garmin-sync-30days.py. While the logic for syncing Garmin fitness data appears functionally correct, the lack of sanitization for distribution is a significant privacy leak and configuration risk. Additionally, the scripts handle sensitive Garmin credentials and OAuth tokens, storing them in local session files.
- External report
- View on VirusTotal