Garmin Tracker
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may interact with your logged-in Garmin account or use credentials you provide to sign in.
The skill intentionally uses an authenticated Garmin session and may ask for Garmin username/password as a fallback. This is expected for Garmin sync, but it grants account-level access during the run.
The user signs in locally to Garmin in the browser profile used by OpenClaw... Credentials fallback only if browser login is not possible or explicitly rejected by the user.
Prefer browser/manual login mode when possible, and only use credentials fallback in a trusted environment.
Installing the dependency could introduce whatever version npm resolves at the time of installation.
The skill may require installing an unpinned npm package at runtime. Browser automation is central to the purpose, but unpinned installs can change over time.
If you get MODULE_NOT_FOUND: playwright-core, install it in the active workspace: npm install playwright-core
If you manage the environment, consider pinning playwright-core to a known version or installing it through a reviewed workspace dependency file.
If debug dumping is used, Garmin page content may be saved to a local file beyond the normal tracker file.
The sync script documents an optional debug dump of raw extracted Garmin page data. That may include more personal fitness/account page text than the final normalized JSON.
--debug-dump <path> Write raw extraction payload for parser tuning
Avoid debug dumps unless needed, store them in a private location, and delete them after troubleshooting.