Back to skill

Security audit

Garmin Tracker

Security checks across malware telemetry and agentic risk

Overview

This Garmin skill is purpose-aligned and disclosed, but users should avoid the password-based fallback unless they trust the environment.

Install only if you are comfortable letting the skill use a Garmin logged-in browser session and update garmin_tracking.json. Prefer manual browser login over passing a Garmin password on the command line, avoid debug dumps unless needed, and pin playwright-core in managed environments if supply-chain repeatability matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs reading and writing `garmin_tracking.json` and running bundled scripts that modify workspace files, but it does not declare corresponding permissions. Hidden or undeclared file access weakens operator review and policy enforcement, increasing the chance that a skill can modify local data in ways the user or platform did not explicitly authorize.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script accepts Garmin email and password as command-line arguments, which commonly exposes secrets through shell history, process listings, CI logs, and agent telemetry. Even if the script itself does not print the password, handling raw credentials this way materially increases the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill allows a direct credentials fallback for Garmin login and even shows command-line examples containing email and password arguments. Supplying secrets via prompts or CLI flags is risky because they may be exposed in shell history, process listings, logs, transcripts, or agent context, especially in shared or instrumented environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The credential-login flow fills and submits a live Garmin sign-in form but the help/output does not clearly warn that the script may use supplied account credentials. In an agent or automation context, this weak disclosure can cause users to provide sensitive credentials without understanding the exposure and side effects of browser-based login automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.