Back to skill
Skillv1.2.4
VirusTotal security
Lovefromio Garmin Health Analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 2:11 AM
- Hash
- 9c21963472bfadee2c23d90677d022f7801bf36f77ba2eb4071a3f45976ff005
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lovefromio-garmin-health-analysis Version: 1.2.4 The skill bundle is classified as suspicious primarily due to the inclusion of a 'config.json' file containing plaintext credentials (email: 0011@111.com, password: [REDACTED]), which constitutes a significant security leak and contradicts the documentation in 'SKILL.md' stating that this file should be gitignored. While the core functionality across scripts like 'garmin_auth.py' and 'garmin_data.py' appears to be a legitimate implementation for fetching Garmin health metrics using the 'garminconnect' library, the presence of hardcoded credentials in a distributable package is highly irregular. The skill handles sensitive health data and session tokens stored in '~/.clawdbot/garmin', and while no evidence of intentional data exfiltration to third parties was found, the credential leak poses a high risk to the account owner.
- External report
- View on VirusTotal