Garmin Skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward instruction-only Garmin/Transition API guide, but it uses a Transition API key to access personal fitness data and includes a workout-push action users should approve explicitly.

Install/use this only if you trust Transition with your Garmin data. Keep TRANSITION_API_KEY private, revoke it if compromised, and ask the agent to confirm before pushing workouts or retrieving sensitive profile/history details.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent with the API key could query the user's Transition/Garmin-backed fitness data through the documented endpoints.

Why it was flagged

The skill requires a Transition account connected to Garmin and an API key for personalized access. This is expected for the integration, but the key authorizes access to the user's synced Garmin data.

Skill content

Download Transition ... connect your Garmin account ... Generate New Key ... export TRANSITION_API_KEY="tr_live_xxxxxxxxxxxxxxxxxxxxx"

Recommendation

Only set the API key in trusted environments, revoke it if exposed, and confirm that the Transition account is connected to the intended Garmin account.

What this means

Personal activity, training load, performance, and related fitness data may be available to the agent through Transition's API.

Why it was flagged

The skill clearly routes Garmin-derived training data through the third-party Transition service for agent use. This is core to the stated purpose, but it is a sensitive provider data flow.

Skill content

Powered by Transition ... which syncs with Garmin Connect to give AI agents access to your training data.

Recommendation

Review Transition's account, privacy, and API-key settings before use, and avoid asking the agent to retrieve or share data you do not want exposed in the session.

What this means

Past coaching conversations may be retrievable by the agent when the API key is available.

Why it was flagged

The documented chat history endpoint indicates provider-side storage or retrieval of prior coach conversations. This is expected for a coaching service but may include sensitive fitness context.

Skill content

### Chat History

curl -H "X-API-Key: $TRANSITION_API_KEY" \
  "https://api.transition.fun/api/v1/coach/history"

Recommendation

Treat coach chats as potentially persistent in the Transition service and avoid including information you would not want stored or reused.

What this means

An agent could push a scheduled workout to the user's Garmin account/device if it has the API key and invokes this endpoint.

Why it was flagged

This is a state-changing authenticated endpoint that can send a workout to the user's Garmin device. It is related to the skill's purpose, but should be user-directed.

Skill content

### Push Workout to Garmin

Send a scheduled workout directly to your Garmin device.

curl -X POST ... "/api/v1/workouts/123/push-garmin"

Recommendation

Require an explicit user confirmation before pushing workouts or making any other state-changing Garmin action.