ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Garmin Trail Running Roadmap & Training Plan

根据佳明(Garmin)运动数据和比赛GPX轨迹,自动化制作专业越野赛路书、动态训练计划,并同步至系统日历。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 30 · 0 current installs · 0 all-time installs
by@mtroymatt
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's code (garmin_auth, garmin_query, activity parsers, calendar sync) aligns with the stated purpose of reading Garmin data, producing analysis, and syncing calendar events. However the registry metadata claims no required env vars/credentials while the implementation requires a Garmin account (email/password or saved tokens) and optional GARMIN_* env vars — a metadata mismatch.
Instruction Scope
SKILL.md and the scripts instruct the agent to read a local config.json or environment variables, call the garminconnect-based client, parse GPX/FIT files, generate HTML, and (on macOS) call osascript to write calendar events. All actions stay within the advertised functionality and do not appear to collect unrelated system data.
Install Mechanism
This is an instruction-only skill (no install spec). The code depends on third‑party Python packages (garminconnect, fitparse, gpxpy, etc.) but these dependencies are not declared in the registry metadata or an install step — the user must install them manually. No remote download URLs or archive extraction are present in the skill bundle itself.
!
Credentials
The implementation requires or supports Garmin credentials (email/password or tokenstore) and stores persistent tokens under ~/.clawdbot/garmin; it may also read env vars GARMIN_EMAIL, GARMIN_PASSWORD, GARMIN_IS_CN and writes a config.json to the skill root. The registry metadata lists no required env vars or primary credential — the omission is a meaningful inconsistency that users should be aware of before providing credentials.
Persistence & Privilege
The skill creates persistent state: a token store directory (~/.clawdbot/garmin) and a config.json in the skill directory. It does not request always:true and does not modify other skills, but stored tokens allow future API access without re-entering the password — treat the token store like credentials and plan for secure cleanup on uninstall.
What to consider before installing
This skill appears to implement what it advertises, but the registry metadata is incomplete. Before installing or running: (1) Review the code yourself or only run in a disposable environment; (2) Be aware you must supply Garmin credentials (via env vars, CLI, or config.json) even though metadata says none — the scripts store tokens under ~/.clawdbot/garmin; treat that folder as sensitive and delete it if you revoke access; (3) Install required Python packages (garminconnect, fitparse, gpxpy) from PyPI and validate versions; (4) macOS calendar sync uses osascript and will create events — ensure you trust the generated AppleScript and permit calendar access intentionally; (5) If you prefer not to hand over your password, consider creating a dedicated Garmin account or revocable credentials and verify token handling (tokens are not persisted to a remote server in this bundle); and (6) Ask the publisher why required env vars and dependencies were omitted from the registry metadata — that mismatch is the main reason this is rated 'suspicious'.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk979wvh8h3bp3678nby08c1m29831z6n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Garmin Trail-Running Roadmap & Training Plan

本技能旨在为越野跑者提供一站式的“数据分析 -> 策略制定 -> 计划同步”服务。它能够深度解析佳明手表的运动表现数据,并结合比赛赛道信息生成科学的路书和赛前训练安排。

使用场景

  • 准备参加新的越野比赛,需要根据赛道 GPX 制作分段路书。
  • 比赛前 2-3 周,需要根据近期身体状态调整减量训练课表。
  • 希望将复杂的训练计划一键同步到 macOS/iOS 系统日历中。
  • 需要将枯燥的训练数据转化为通俗易懂的小红书文案进行分享。

核心能力

1. 佳明数据深度解析与自动化获取

  • 自动化连接:内置 scripts/garmin_auth.py 脚本,支持 佳明中国 (Garmin China) 和全球账号。
  • 配置指引
    • 在技能根目录创建 config.json 或设置环境变量 GARMIN_EMAIL, GARMIN_PASSWORD, GARMIN_IS_CN=True
    • 运行 python3 scripts/garmin_auth.py login --cn 进行首次授权登录。
  • 数据提取:使用 scripts/garmin_query.py 自动获取特定日期的越野跑活动 ID 及详细指标。
  • 心率区间对齐:支持 6 区间制(Zone 0-5)深度分析(参考 references/roadmap_standard.md)。
  • 爬升数据校准:自动平滑 GPX 抖动,校准真实累计爬升。

2. 智能化路书制作 (v4.0 架构)

  • 分坡度策略:摒弃单一配速目标,改为“心率 + 功率”双控。
  • 时间银行逻辑:量化下坡回收能力的战术应用。
  • Z3 预算分配:科学计算比赛全程节奏区的使用比例。

3. 动态训练计划同步

  • 提供 scripts/sync_gen.py 脚本,可根据比赛日期自动生成日历同步脚本。
  • 自动设置全天事件,包含详细的训练内容、备注和强度建议。

工作流程

  1. 环境准备
    • 确保已获取比赛 GPX 文件。
    • 获取用户最近一次代表性训练的 Garmin 数据(距离、爬升、心率分布)。
  2. 分析阶段
    • 读取 references/roadmap_standard.md 确认心率定义和量化标准。
    • 对比 GPX 数据与实测表现,识别用户的强项(如:下坡提速)与限制(如:陡坡心率漂移)。
  3. 输出阶段
    • 生成路书 HTML。
    • 运行 scripts/sync_gen.py 生成日历同步代码并执行。
    • (可选)提炼社交媒体分享文案。

关键文档

  • references/roadmap_standard.md: 佳明 6 区间定义及路书制作量化标准。

开发者备注

  • 执行日历同步时需通过 osascript 调用 macOS 日历,确保权限已开启。
  • 处理 GPX 时优先进行 5-10 点的平滑移动平均处理以消除海拔噪点。

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…