Back to skill
Skillv1.0.0
VirusTotal security
Garmin Trail Running Roadmap & Training Plan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:32 AM
- Hash
- c805e12a3fd5f4b0a6af6471a7c49ed632202bb517bb4ec1c95755e088bd08b0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: garmin-trail-running-training-plan Version: 1.0.0 The skill bundle contains a significant vulnerability in 'scripts/sync_gen.py', which generates AppleScript for macOS Calendar integration using unsanitized f-strings. This allows for AppleScript injection if the race name or training descriptions contain malicious payloads. Furthermore, 'SKILL.md' explicitly instructs the AI agent to generate and execute this code, a high-risk pattern that could be exploited via prompt injection. While the skill's purpose of syncing Garmin data to a calendar is plausible, the combination of system-level automation (osascript) and the lack of input validation poses a security risk.
- External report
- View on VirusTotal