Garmin Connect

Security checks across malware telemetry and agentic risk

Overview

This Garmin skill does what it claims, but it handles Garmin credentials, OAuth tokens, and sensitive health data with under-scoped safeguards that users should review before installing.

Review before installing:
  • Use only on a trusted single-user machine.
  • Avoid passing your Garmin password on the command line if you can modify the script to prompt securely.
  • Protect ~/.garth/session.json and Garmin cache files as sensitive credentials/health data.
  • Remove or change the /tmp logging in the cron wrapper.
  • Replace hard-coded developer paths/emails.
  • Enable the five-minute cron job only if continuous syncing is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill claims secure OAuth-based syncing, but the documentation instructs users to pass their Garmin email and password directly to a script and store session data at fixed local paths. That mismatch can mislead users about the true trust boundary and credential exposure risk, especially because command-line arguments may be visible via shell history or process listings.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The README explicitly describes a reusable OAuth session token being stored on disk, then characterizes the location as 'local, secure' without any evidence of file permission hardening, encryption, or OS-specific protections. This can mislead users into underestimating the risk of token theft from backups, shared machines, malware, or overly permissive home-directory access, enabling unauthorized access to sensitive Garmin account data.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation says the skill is OAuth-only and does not store passwords, yet it tells users to invoke an auth script with their email and password on the command line. Even if the password is not persisted, exposing it in command arguments can leak credentials through shell history, monitoring tools, or other local users.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script embeds a real-looking personal email address in user-facing authentication instructions, exposing account-specific information unrelated to a generic Garmin integration. In a shared repository or distributed skill, this leaks personal data and can encourage misuse by steering operators toward a specific account context during authentication.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script includes a hard-coded personal email address in the OAuth setup instructions, which is unrelated to core sync functionality and can misdirect users into authenticating against the author's account context or reveal unnecessary personal information. In a credentialed health-data sync skill, embedding personal identifiers is inappropriate and raises both privacy and trust concerns.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill automates collection and local caching of sensitive health and activity data, including sleep, heart rate, workouts, and other fitness metrics, yet the README does not meaningfully warn users about privacy exposure from persistent JSON storage and cron-based background syncing. In this context, understated privacy guidance is risky because the data category is inherently sensitive and long-lived local caches can be exposed to other local users, malware, logs, backups, or secondary tooling.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill syncs and caches sensitive health and activity data on a recurring five-minute schedule, but the documentation does not warn users about the privacy implications of continuous collection and local retention. In the context of fitness and sleep data, this can expose highly personal information if the host is shared, backed up insecurely, or otherwise compromised.

Missing User Warnings

High
Confidence
97% confidence
Finding
The authentication instructions tell users to enter account credentials directly on the command line without warning them that command-line arguments can be exposed to shell history, logs, crash reports, or process inspection. Because these are Garmin account credentials tied to personal health data, compromise could lead to account takeover and privacy loss.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation notes that session data and cached Garmin data are stored locally but does not warn users that these files may contain reusable authentication state and sensitive health information. On multi-user systems or systems with weak backup and file-permission practices, unauthorized access to those files could expose private data or facilitate unauthorized account access.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script requires the Garmin password as a positional command-line argument, which exposes credentials to shell history, process listings, job control logs, and potentially monitoring tooling on the host. In the context of a fitness-data sync skill that is likely to run on user workstations or home servers, this creates a realistic risk of credential theft and subsequent account compromise.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script persists an authenticated session to ~/.garth/session.json without informing the user that reusable authentication material is being stored on disk. If the file is readable by other local users, included in backups, or exfiltrated from the host, an attacker may gain ongoing access to the Garmin account without needing the password again.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists synced Garmin data, including health and activity details, to a local cache file without explicit consent, warning, or permission hardening. Because this data includes sensitive wellness information, writing it to a predictable path can expose private data to other local users, backups, or unintended consumers if file permissions are weak.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes highly sensitive health data including heart rate, sleep, workouts, and activity history to a local cache file by default, but provides no consent prompt, warning, or file-permission hardening. In the context of an agent skill that runs automatically every 5 minutes, this increases the risk of persistent exposure of private medical/fitness data to other local users, backup systems, logs, or later compromise.

VirusTotal

64/64 vendors flagged this skill as clean.