Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Garmin Tracker

v1.0.2

Rebuild and maintain garmin_tracking.json from Garmin web data (activities + training plan) with a fixed schema from 2026-02-01.

0 · 622 · 0 current · 0 all-time

by Ricardo Trevisan (@ricardotrevisan)

MIT-0
Security Scan
VirusTotal: Suspicious

OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (rebuild garmin_tracking.json from Garmin web data) align with required binaries (node, python3) and included scripts (a Node/Playwright scraper and a Python reconciler). Use of browser automation (playwright-core) is expected for this purpose.
Instruction Scope
SKILL.md explicitly limits scope to list/table fields and forbids deep telemetry scraping; runtime steps are narrowly defined (read/write garmin_tracking.json, refresh training plan, rebuild history). It does instruct guided manual login or credentials fallback and suggests using remote VNC/noVNC endpoints for containerized browsers — these guidance items expand operational surface and require careful operator controls.
Install Mechanism
No install spec in registry (instruction-only) and included scripts are plain JS/Python. The only external dependency called out at runtime is playwright-core, which is a normal package for browser automation; no downloads from untrusted URLs or obfuscated installers are present in the package files.
Credentials
The skill requests no environment variables, which is appropriate. However, it supports a 'credentials' fallback via CLI flags (--garmin-email, --garmin-password). Passing passwords on command line can expose them via process listings or shell history. The script also has a --debug-dump option that writes raw extracted page content to a file (could include sensitive page text). These operational behaviors are proportionate to the feature but carry clear secrecy risks that the SKILL.md partially acknowledges but does not fully mitigate.
Persistence & Privilege
always is false and the skill doesn't request system-level persistence. It reads/writes the workspace file garmin_tracking.json and may write debug dumps; it does not modify other skills or global agent config. No elevated privileges are requested.
Assessment
This skill appears to do what it says (browser-driven scraping + a local Python reconciler). Before installing or running it:

1) Prefer browser-session/manual login (the safest mode) rather than passing credentials on the CLI — command-line passwords can be exposed in process lists or shell history.
2) If you must use credentials mode, run the script in a controlled environment (ephemeral container) and avoid storing them in chat or long-lived logs.
3) Be cautious with --debug-dump: it can write raw page text to files that might contain private info; set the path to a safe location or omit the flag.
4) Confirm the CDP endpoint (default 127.0.0.1:39222 or a URL in your OpenClaw config) points to a browser instance you trust — using untrusted remote CDP or VNC endpoints can expose session tokens.
5) Install playwright-core from the official npm registry if needed (npm install playwright-core) and prefer images that include browser binaries from trusted sources.
6) Review the included scripts (sync_training_plan.mjs and reconcile_tracking.py) in your environment and run tests locally before giving it access to your real Garmin account.

If you want, I can highlight the exact lines where credentials get consumed and where debug dumps are written.


latestvk978x6jrmybpcb0ym17jw2y4gx818b9w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: node, python3
