Lovefromio Garmin Health Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Garmin health-analysis purpose, but it needs Review because it ships a populated credential file and handles sensitive health, identity, and location data with weak scoping and privacy disclosures.

Review carefully before installing. Delete the included config.json and treat any credentials it contained as already exposed, use only your own Garmin credentials through a trusted secret path, never pass the password on the command line, protect or periodically remove saved Garmin tokens, and assume outputs may contain private health, identity, and GPS route data. Use a virtual environment for dependencies and avoid generating browser charts unless you accept the third-party CDN/browser exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation clearly instructs use of environment variables, local file reads/writes, and shell commands, yet the metadata declares no explicit permissions boundary for those capabilities. This creates a transparency and least-privilege problem: users may grant trust to a skill without realizing it can access credentials, persist tokens, and execute local commands.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The privacy note states that no data is sent anywhere except Garmin, but the chart workflow opens a generated HTML page in a browser that loads Chart.js from an external CDN. The health values themselves are serialized locally, yet the page load still triggers third-party network requests and exposes the data to referrer leakage and any browser-connected services, so the privacy claim is materially misleading.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The documentation directs the skill toward an unofficial reverse-engineered API and explicitly notes it may violate Garmin's Terms of Service. That is a real security/compliance risk because it relies on unstable, unsupported access patterns that can lead to account blocks, breakage, and unsafe operational workarounds around authentication and scraping.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
Including token capture and session persistence guidance expands the skill from analytics into credential/session handling, which increases the attack surface around secrets storage and replay. In a health-data skill, reusable session tokens can expose sensitive personal data if logged, cached insecurely, or exfiltrated by adjacent components.

Context-Inappropriate Capability

Low
Confidence
79% confidence
Finding
The recommendation to cache data locally introduces undeclared retention of sensitive health and activity data. While caching can be operationally reasonable, storing this data increases privacy risk, breach impact, and the chance of retaining more user data than needed for the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The file explicitly acknowledges potential Terms of Service violations while still presenting the approach as usable, which confirms a real risk-bearing capability mismatch with the declared skill purpose. This can pressure implementations toward unsupported access patterns and conceal legal, operational, and account-security consequences from users.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The profile path retrieves and exposes personally identifiable information including name, display name, and email, then returns it for stdout output. In a health-analysis skill, this broadens data exposure beyond core biometric analysis and can leak sensitive identity data to logs, calling agents, or downstream consumers without clear necessity.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code fetches account identity fields that are not obviously necessary for answering health questions like sleep, HRV, or workout analysis. Unnecessary collection of account email/name increases privacy risk and violates data minimization principles, especially because the data is later emitted in JSON output.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to install dependencies and run an authentication flow for a skill that accesses highly sensitive health and activity data, but it does not prominently warn that local credentials/session tokens may be stored and that the skill can retrieve detailed biometric and location information. In a health-analysis context, understated disclosure increases the risk of users granting access without understanding the privacy and credential-handling implications.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to place Garmin credentials in config files, environment variables, and especially command-line arguments without strong warnings about exposure risks. Command-line passwords can leak via shell history and process listings, while plaintext local storage increases the chance of credential theft from the host system.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The installer automatically creates a local config.json intended to hold Garmin credentials, but it does not warn the user that the file may contain sensitive secrets or advise on secure storage and permissions. In a health-data skill, this is more sensitive than usual because the same credentials can expose private fitness and health information in addition to account access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The authentication section shows how to persist reusable OAuth tokens but does not include any warning or guidance on handling them as sensitive secrets. In the context of a health-analysis skill, those tokens can grant ongoing access to highly sensitive personal telemetry, so omission of storage and logging safeguards is dangerous.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This documentation encourages downloading and parsing FIT/GPX/TCX activity files containing highly sensitive location and health telemetry, but it provides no privacy notice, retention guidance, or warning about local storage and sharing risks. In this skill context, route files can expose home/work locations, routines, and detailed biometric data, so omission of handling safeguards materially increases the chance of unsafe use or accidental disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file markets broad access to heart rate, stress, sleep, SPO2, body composition, and other sensitive health metrics without informing users that the skill processes personal health data. Even though this is documentation rather than executable code, the absence of a clear warning and data-handling notice can mislead users into exposing sensitive information without understanding privacy implications.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This debug script directly queries authenticated Garmin account and health data, including devices, sleep, and heart-rate information, and prints portions of the responses to stdout. Even though it appears intended for troubleshooting, exposing sensitive health/account data in console output without explicit warnings, redaction, or access controls can leak private data into logs, terminals, CI output, or shared support artifacts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code downloads Garmin activity files and writes them to disk in a predictable location (/tmp by default) without any warning, consent flow, minimization, or protection of the resulting files. Because these files can contain precise location traces and health metrics, local disclosure risk is meaningful, especially on shared systems or when temporary directories are broadly accessible or monitored by other processes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts the Garmin password via a --password command-line argument, which can expose the secret through process listings, shell history, audit logs, or job runner telemetry visible to other local users or administrators. In a health-data skill, compromise of Garmin credentials can grant access to sensitive personal fitness and health information and potentially enable long-lived session token creation.
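The command-line password, auto-created config.json, persisted-token and /tmp findings above share one remedy: keep secrets out of argv, keep local files owner-only, and verify that a shipped config.json is not already populated. The following is an added example, not the skill's own code and not the garminconnect library's API; the GARMIN_EMAIL and GARMIN_PASSWORD variable names, the directory layout and the placeholder-detection heuristic are assumptions made for illustration.

```python
"""Credential and local-storage hygiene for a Garmin health skill.

Added example, not code from the skill or from the garminconnect library.
The GARMIN_EMAIL / GARMIN_PASSWORD variable names, the data-directory layout
and the placeholder heuristic are assumptions made for illustration.
"""
import getpass
import json
import os
import stat
import tempfile
from pathlib import Path

# Strings that mark a value as a template placeholder rather than a real secret (assumed convention).
PLACEHOLDER_MARKERS = ("your", "example", "changeme", "<", ">")


def argv_leaks_password(argv):
    """True if a password was passed on the command line (visible in ps, shell history, job logs)."""
    return any(a == "--password" or a.startswith("--password=") for a in argv)


def get_credentials(argv, env=None):
    """Resolve credentials from the environment, then an interactive prompt; never from argv."""
    if argv_leaks_password(argv):
        raise ValueError("refusing --password: set GARMIN_PASSWORD or answer the prompt instead")
    env = os.environ if env is None else env
    email = env.get("GARMIN_EMAIL") or input("Garmin email: ")
    password = env.get("GARMIN_PASSWORD") or getpass.getpass("Garmin password: ")
    return email, password


def private_dir(path):
    """Create a per-user directory (0700) for tokens and downloaded activity files, instead of /tmp."""
    path = Path(path)
    path.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(path, 0o700)  # mkdir's mode is masked by umask; enforce the intended bits explicitly
    return path


def secure_write(path, data):
    """Write bytes to a file only the owner can read (0600), via an atomic rename."""
    path = Path(path)
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)
    return path


def readable_by_others(path):
    """True if the group or world read bit is set on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def config_holds_real_credentials(path):
    """Flag a config.json whose password field holds something other than a placeholder.

    A config.json shipped with a skill should never return True; if it does,
    the credential has been published and must be treated as exposed.
    """
    try:
        cfg = json.loads(Path(path).read_text())
    except (OSError, ValueError):
        return False
    if not isinstance(cfg, dict):
        return False
    for key, value in cfg.items():
        if "pass" in key.lower() and isinstance(value, str) and value.strip():
            if not any(marker in value.lower() for marker in PLACEHOLDER_MARKERS):
                return True
    return False


def demo():
    """Exercise the helpers in a throwaway directory and report what was verified."""
    base = private_dir(Path(tempfile.mkdtemp()) / "garmin-health")
    token_file = secure_write(base / "oauth_tokens.json", b'{"oauth1_token": "redacted-example"}')
    # Constructed sample configs: the template with a placeholder, and a populated one.
    example = base / "config.example.json"
    example.write_text(json.dumps({"username": "you@example.com", "password": "your_password_here"}))
    populated = base / "config.json"
    populated.write_text(json.dumps({"username": "jane@example.com", "password": "S3cret!pass"}))
    return {
        "dir_private": not readable_by_others(base),
        "token_private": not readable_by_others(token_file),
        "token_content": token_file.read_bytes(),
        "example_flagged": config_holds_real_credentials(example),
        "populated_flagged": config_holds_real_credentials(populated),
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to exercise the helpers in a throwaway directory. A True for populated_flagged on a file that arrived with the skill is exactly the condition the Overview warns about: the credential is no longer private, and the file should be deleted rather than reused.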

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The script handles highly sensitive health data and then renders it in a browser using an HTML page that loads a third-party JavaScript library from a CDN. Even though the health values are serialized locally, opening private medical-style data in a browser without an explicit privacy warning, consent step, or offline-only default increases the risk of unintended disclosure through browser history, local temp files, shared workstations, or third-party resource loads.
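One way to remove the CDN dependency that this finding and the Intent-Code Divergence finding describe is to render the chart without any script at all, lock the page with a Content-Security-Policy that forbids every network source, and check generated pages for remote resources before opening them. This is an added example, not the skill's chart script; the CDN URL in BAD_HTML is constructed for the test, and the inline SVG stands in for Chart.js.

```python
"""Chart page that cannot phone home, plus a check for pages that can.

Added example, not the skill's chart script. The inline SVG replaces the
CDN-loaded Chart.js so the page needs no script, and the CSP blocks every
network source. The CDN URL in BAD_HTML is constructed, not taken from the skill.
"""
import html
import re
from html.parser import HTMLParser

# Nothing may be fetched from anywhere; inline styles only.
OFFLINE_CSP = "default-src 'none'; style-src 'unsafe-inline'"


class _Finder(HTMLParser):
    """Collect remote resource URLs and the CSP meta tag, if any."""

    def __init__(self):
        super().__init__()
        self.remote = []
        self.csp = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        url = a.get("href") if tag == "link" else a.get("src")
        if url and re.match(r"^\s*(https?:)?//", url, re.I):
            self.remote.append(url.strip())
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.csp = a.get("content", "")


def remote_resources(page):
    """URLs of scripts, stylesheets, images or frames that would hit the network."""
    finder = _Finder()
    finder.feed(page)
    return finder.remote


def has_network_blocking_csp(page):
    """True only if the page's CSP is default-src 'none' with no scheme or host source anywhere."""
    finder = _Finder()
    finder.feed(page)
    if not finder.csp:
        return False
    directives = {}
    for part in finder.csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    if directives.get("default-src") != ["'none'"]:
        return False
    for sources in directives.values():
        for src in sources:
            if src == "*" or src.startswith(("http", "ws", "//")) or (not src.startswith("'") and "." in src):
                return False
    return True


def render_chart(labels, values, title, width=600, height=200):
    """Build a self-contained HTML page with an inline SVG line chart of values over labels."""
    lo, hi = min(values), max(values)
    span = (hi - lo) or 1.0
    step = width / max(len(values) - 1, 1)
    points = " ".join(
        f"{i * step:.1f},{height - (v - lo) / span * (height - 20) - 10:.1f}"
        for i, v in enumerate(values)
    )
    labels_text = " | ".join(html.escape(str(label)) for label in labels)
    return (
        "<!DOCTYPE html><html><head><meta charset='utf-8'>"
        f"<meta http-equiv='Content-Security-Policy' content=\"{OFFLINE_CSP}\">"
        f"<title>{html.escape(title)}</title>"
        "<style>body{font-family:sans-serif}polyline{fill:none;stroke:#06c;stroke-width:2}</style>"
        f"</head><body><h1>{html.escape(title)}</h1>"
        f"<svg viewBox='0 0 {width} {height}' width='{width}' height='{height}'>"
        f"<polyline points='{points}'/></svg>"
        f"<p>{labels_text}</p></body></html>"
    )


# Constructed page in the shape the finding describes: data inline, library from a CDN.
BAD_HTML = (
    "<html><head><script src='https://cdn.example/chart.js'></script></head>"
    "<body><canvas id='c'></canvas><script>/* data would be inlined here */</script></body></html>"
)


if __name__ == "__main__":
    page = render_chart(["2024-03-01", "2024-03-02", "2024-03-03"], [48, 52, 45], "HRV (ms)")
    print("remote resources:", remote_resources(page), "offline CSP:", has_network_blocking_csp(page))
```

The two checks are independent on purpose: remote_resources catches a page that references a CDN, and has_network_blocking_csp confirms that even a page later edited to reference one would be refused by the browser.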

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script fetches sensitive health and profile information from Garmin over network calls and prints the results directly to stdout, with no privacy notice, sensitivity labeling, or output restriction. In agent environments, stdout is often captured by logs, tool traces, or other components, so this design can unintentionally disclose health and identity data beyond the user's immediate request.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script retrieves highly sensitive health data such as body composition, SPO2, respiration, stress, and intraday heart rate, then serializes and prints the full result to stdout. In agent or tool-execution environments, stdout is commonly captured in logs, transcripts, or upstream systems, which can disclose private medical and biometric information beyond the intended recipient.
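The stdout findings above, the profile-path findings that expose name and email, and the route-file finding all come down to printing whatever the API returned. An allow-list per question type, a recursive strip of identity and location keys, and a final leak check before printing keep the output to what the health question needs. This is an added example, not the skill's code; the field names, allow-lists and sample records are constructed for illustration and do not reflect Garmin's actual schema.

```python
"""Data minimisation for health-query output.

Added example, not the skill's own code. Field names, per-question allow-lists
and the sample records are constructed; real Garmin responses use their own schema.
"""
import json
import re

# Identity and location fields that should never reach stdout for a health question.
IDENTITY_KEYS = {"email", "emailaddress", "displayname", "fullname", "username",
                 "firstname", "lastname", "userprofileid", "profileid"}
LOCATION_KEYS = {"startlatitude", "startlongitude", "endlatitude", "endlongitude",
                 "lat", "lon", "latitude", "longitude", "polyline", "gps", "address"}

# Fields actually needed to answer each question type (assumed); anything else is dropped.
ALLOWLIST = {
    "sleep": {"date", "sleepseconds", "deepsleepseconds", "remsleepseconds",
              "awakeseconds", "averagespo2", "averagehrv"},
    "hrv": {"date", "averagehrv", "hrvstatus", "baseline"},
    "workout": {"date", "activitytype", "durationseconds", "distancemeters",
                "averagehr", "maxhr", "calories"},
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Heuristic: a number with four or more decimals is far more likely a GPS fix than a health metric.
COORD_RE = re.compile(r"-?\d{1,3}\.\d{4,}")


def _norm(key):
    """Compare keys case- and punctuation-insensitively (averageSpO2 == average_spo2)."""
    return re.sub(r"[^a-z0-9]", "", key.lower())


def strip_identity_and_location(obj):
    """Recursively drop identity and location keys at any nesting depth."""
    if isinstance(obj, dict):
        return {k: strip_identity_and_location(v) for k, v in obj.items()
                if _norm(k) not in IDENTITY_KEYS and _norm(k) not in LOCATION_KEYS}
    if isinstance(obj, list):
        return [strip_identity_and_location(v) for v in obj]
    return obj


def project(record, question):
    """Keep only the top-level fields the question needs (allow-list, not deny-list)."""
    allowed = ALLOWLIST[question]
    return {k: v for k, v in record.items() if _norm(k) in allowed}


def safe_records(records, question):
    """Allow-list first, then deny-list whatever survived: belt and braces."""
    return [strip_identity_and_location(project(r, question)) for r in records]


def safe_output(records, question):
    """The JSON string that is safe to hand to stdout, logs or a calling agent."""
    return json.dumps(safe_records(records, question), sort_keys=True)


def looks_like_leak(text):
    """Last-line check before printing: refuse output still carrying an email or GPS-precision number."""
    return bool(EMAIL_RE.search(text) or COORD_RE.search(text))


# Constructed sample: what a raw, unfiltered fetch might hand back.
SAMPLE = [{
    "date": "2024-03-01",
    "displayName": "jane_doe",
    "emailAddress": "jane@example.com",
    "sleepSeconds": 27000, "deepSleepSeconds": 5400, "remSleepSeconds": 6000,
    "awakeSeconds": 900, "averageSpO2": 96.5, "averageHrv": 48,
    "startLatitude": 51.5074, "startLongitude": -0.1278,
    "device": {"deviceId": "123", "owner": {"email": "jane@example.com"}},
}]
RAW_OUTPUT = json.dumps(SAMPLE)


if __name__ == "__main__":
    out = safe_output(SAMPLE, "sleep")
    if looks_like_leak(out):
        raise SystemExit("output still contains identity or location data; not printing")
    print(out)
```

The allow-list is the real control; the recursive strip and the regex check only catch what a mis-specified allow-list lets through, which is why a workout query over the same record yields nothing but the date.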

Session Persistence

Medium
Category
Rogue Agent
Content
#### Option B: Local Config File

Create a config file in the skill directory:

```bash
cd ~/.clawdbot/skills/garmin-health-analysis
```
Confidence
93% confidence
Finding
Create a config file in the skill directory:

```bash
cd ~/.clawdbot/skills/garmin-health-analysis
# or: cd <workspace>/skills/garmin-health-analysis
cp config.example.json config.json
# Edit config.j
```

Session Persistence

Medium
Category
Rogue Agent
Content
exit 1
fi

# Create config from example if it doesn't exist
if [ ! -f "config.json" ] && [ -f "config.example.json" ]; then
    echo
    echo "📝 Creating config.json from example..."
Confidence
72% confidence
Finding
```bash
# Create config from example if it doesn't exist
if [ ! -f "config.json" ] && [ -f "config.example.json" ]; then
    echo
    echo "📝 Creating config.json from example..."
    cp config.example.json con
```

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal