Skill v1.2.4

ClawScan security

Lovefromio Garmin Health Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 2:05 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, instructions, and requested credentials are coherent with its stated purpose (accessing Garmin Connect via the unofficial garminconnect library), but there are a few practice and privacy concerns you should review before installing.
Guidance
This skill appears to do what it says (uses the unofficial python-garminconnect library to fetch and analyze Garmin data). Before installing:

1) Don't commit or reuse real credentials: remove or overwrite the included config.json with your own, or rely on environment variables. The repository currently contains a config.json with an email/password value, which you should delete.
2) Understand that tokens are stored locally (~/.clawdbot/garmin-tokens.json) and may be shared with other local tools (the MCP server) if you use both; restrict file permissions if needed.
3) Verify and review the garminconnect, fitparse, and gpxpy packages you install (supply-chain risk).
4) Using the unofficial API may violate Garmin's Terms of Service and can break if Garmin changes their site; consider creating a dedicated/test Garmin account if you want to reduce risk to a primary account.
5) Two-factor auth is likely unsupported; expect authentication limitations.

If you want higher assurance, inspect garmin_auth.py and the related scripts yourself (they are included), or run them in an isolated environment (a container or a separate account) first.

Review Dimensions

Purpose & Capability
Rating: ok
Name/description ask to read Garmin Connect data, and the repo contains scripts (authentication, data fetch, parsing, charting) and declares the expected Python libraries. Requesting GARMIN_EMAIL and GARMIN_PASSWORD matches the unofficial garminconnect library's email/password flow.
Instruction Scope
Rating: note
SKILL.md and the scripts instruct the agent to read credentials from env vars, local config.json, command-line args, or Clawdbot config, and to store session tokens in ~/.clawdbot/garmin-tokens.json. That behavior is expected for this type of skill, but the instructions grant the skill direct read/write access to local credential/config files and token storage; review that these paths are acceptable for your environment.
Install Mechanism
Rating: ok
No download-from-arbitrary-URL installs. Dependencies are typical Python packages (garminconnect, fitparse, gpxpy) installed via pip per install.sh and SKILL.md. These are traceable PyPI packages; standard caution about verifying third-party packages applies.
Credentials
Rating: concern
Only GARMIN_EMAIL and GARMIN_PASSWORD are requested, which fits the unofficial API. However, the repo includes a committed config.json with an email/password value; this suggests credentials are stored in-repo and contradicts the 'config.json is gitignored' note. The presence of a credentials file in the published manifest is a privacy/operational concern and should be removed before use.
Persistence & Privilege
Rating: note
always: false (normal). The skill writes session tokens to a local path (~/.clawdbot/garmin-tokens.json), and the README mentions token sharing with a separate MCP server repo; this persistent token sharing is expected for usability but increases the scope of access if multiple tools read that token file. Confirm you are comfortable with that shared token location.