Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Garmin Sync

Sync activities from Garmin China to Garmin Global using local timestamps and distance to avoid duplicates in a one-way sync process.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code: sync.py implements CN→Global sync using the garth library and uses startTimeLocal+distance to detect duplicates. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md instructions are scoped to installing the garth library, setting credentials, and running a sync. It correctly documents plaintext credential storage and advises restrictive permissions. Minor inconsistency: SKILL.md references a 'garmin-sync' CLI command, but the package provided contains only sync.py (no installer/entry point). You would likely run the script directly (e.g., python sync.py ...).
Install Mechanism
No install spec in registry; SKILL.md asks users to pip install garth, which is reasonable and low-risk. There are no downloads from arbitrary URLs or archive extraction during install.
Credentials
No environment variables or external credentials are requested by the registry. The tool does require the user's Garmin email/password (stored in ~/.config/garmin-sync/credentials.json). Storing credentials in plaintext is a security concern (SKILL.md and code acknowledge this and set file mode 600).
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges, nor does it modify other skills or system-wide settings. It only writes its own credentials file and temp files under /tmp.
Assessment
This skill appears to do what it claims, but take these precautions before using it with real credentials:
  (1) Review the code yourself (or have someone you trust do so) and confirm you understand how garth behaves, since garth performs the network calls.
  (2) Prefer using a dedicated/sandbox Garmin account for initial testing.
  (3) Be aware credentials are stored plaintext in ~/.config/garmin-sync/credentials.json; consider alternatives (temporary account, OS keychain, or encrypting the file).
  (4) The SKILL.md mentions a 'garmin-sync' CLI but the bundle only includes sync.py—run the script directly or package it appropriately.
  (5) Verify the garth package source before pip installing (use a pinned version or inspect it).
  (6) Run first in a controlled environment (VM/container) if you want to limit blast radius.

Current version: v1.0.1

SKILL.md

garmin-sync-cn-to-global

Sync activities from Garmin China (garmin.cn) to Garmin Global/International (garmin.com).

Usage

# Install dependencies
pip install garth

# Set credentials (once, stored in ~/.config/garmin-sync/credentials.json)
garmin-sync set-credentials --email your_email --password your_password

# Sync new activities from CN to Global
garmin-sync sync

Requirements

  • Python 3.x
  • garth library (pip install garth)

Notes

  • One-way sync: CN → Global (not bidirectional)
  • Uses startTimeLocal + distance to detect duplicates (activity IDs differ between servers)
  • Skips conflicts automatically
  • Same email/password works for both Garmin CN and Garmin Global accounts

Security Considerations

  • Credentials are stored in plaintext at ~/.config/garmin-sync/credentials.json
  • Set restrictive file permissions after first run: chmod 600 ~/.config/garmin-sync/credentials.json
  • Consider using a dedicated/sandbox account for testing
  • Review the code before running with your primary credentials
