Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
garmin-connect-skill
v1.0.0 · Garmin Connect integration for OpenClaw: sync fitness data (steps, HR, calories, workouts, sleep) using OAuth. Supports China (garmin.cn) and Global (garmin....
⭐ 0 · 52 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the included code: the scripts implement Garmin OAuth, sync to a local SQLite database (~/.clawdbot/garmin/data.db), and provide readers and reports. The declared dependencies (garminconnect, requests) are plausible, and garth is the Garmin SSO client library that garminconnect itself relies on, so its presence is consistent with the stated purpose. What the author does not explain is the bundled Feishu (Lark) push integration that ships with a hard-coded App Secret inside scripts/daily_health_report_feishu.py. Pushing notifications to a third-party chat service is a reasonable feature, but a credential baked into the source is unexpected and should be justified by the author.
Instruction Scope
SKILL.md and the scripts instruct users to run 'python3 scripts/garmin-auth.py your-email password --cn' (passing the password as a command-line argument), to 'cat ~/.garth/session.json', and they claim a systemd timer is 'already configured' and enabled (sudo systemctl status garmin-sync.timer). The manifest contains no systemd unit files, so the 'already configured' claim is inconsistent with the package contents. The instructions also reference several different filesystem locations (~/openclaw/skills/..., ~/.clawdbot/garmin/, ~/.garth/), which is confusing and invites misconfiguration. Reading and writing a local session.json and data.db is expected for this skill, but the instructions encourage insecure practices: exposing the password on the command line, where other local users can read it from the process list, and displaying the session file's contents on screen.
Install Mechanism
No install spec (instruction-only); the only install artifact is a requirements.txt referencing public pip packages (garminconnect, requests, python-dateutil, garth). No downloads from arbitrary URLs and no archive extraction. Installation risk is limited to running pip install for the listed packages (moderate).
Credentials
Registry metadata declares no required environment variables, yet the code handles and persists sensitive credentials: garmin-auth.py asks for email and password and saves the password base64-encoded in ~/.garth/session.json. Base64 is an encoding, not encryption, so the stored password is effectively plaintext. The Feishu setup in scripts/daily_health_report_feishu.py contains a hard-coded default app_secret ('sXYUTkNRSSBFxYTTS8UNfe7koyZwS8PB') and a default app_id; embedding another service's secret in source is suspicious and may indicate accidental leakage of someone else's credentials or a backdoor. The skill reads and writes several paths under the user's home directory (~/.garth/, ~/.clawdbot/, Feishu config files, webhook settings). That footprint is proportionate to syncing and notifications, but the storage and handling of secrets are insecure and undeclared in the metadata.
Persistence & Privilege
The manifest's 'always' flag is false and the skill requests no elevated platform privileges. It creates and updates files in the user's home directory (~/.garth/session.json, ~/.clawdbot/garmin/data.db, various ~/.clawdbot/*.json), which is expected for a local-sync skill. SKILL.md's claim that a systemd timer is 'auto configured' is, however, unsupported by the file manifest (no .service or .timer units are included). Persisting credentials in the home directory with weak protection, alongside hard-coded default secrets, raises the impact if the machine is shared or compromised.
What to consider before installing
Before installing or running this skill:
- Do NOT pass your Garmin password on the command line (the instructions and the garmin-auth.py example take it from argv). A password passed as an argument is visible to every local user in process listings (ps, /proc/<pid>/cmdline) and is usually recorded in shell history. Prefer an interactive prompt or a token-based auth flow.
- garmin-auth.py stores your password base64-encoded in ~/.garth/session.json. Base64 is reversible, so treat the saved credentials as plaintext. If you must use this skill, rotate the password afterwards and restrict the file to mode 0600.
- The repo contains a hard-coded Feishu App Secret and App ID in scripts/daily_health_report_feishu.py. Treat this as suspicious: do not rely on those defaults, replace them with credentials for your own Feishu app, remove the hard-coded values from the source, and rotate any key that may have been exposed.
- SKILL.md claims a systemd timer is already configured, but no .service or .timer files are present in the package. Verify any systemd units before enabling them (systemctl cat <unit> shows exactly what would run); do not run sudo systemctl enable/start unless you understand which units will run and as which user.
- The skill writes a local SQLite database (~/.clawdbot/garmin/data.db) containing health data. If privacy matters to you, review the schema (init_db.py), restrict the file's permissions, or run the skill in an isolated environment or container.
- If you want to proceed, audit the included scripts (especially garmin-auth.py, any code that transmits data, and the Feishu/webhook senders), remove hard-coded secrets, modify garmin-auth.py to prompt for the password or use an OAuth token mechanism, and consider running the code under a sandboxed user account or in a container. If unsure, mark this skill as untrusted until the author addresses the credential handling and the instruction inconsistencies.
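An added pre-install audit, not part of the skill or of the ClawHub scan, that turns the checks above into code: it flags a session.json that is group/other-readable or holds a base64-encoded password, scans a script for secret-looking string literals such as a default app_secret, and shows the safer write path (a getpass prompt instead of argv, the file created with mode 0600, password fields refused). The JSON field names (password_b64, oauth_token), the sample script text and the temporary files are constructed for the example; the skill's real session layout is not shown on this page.

```python
"""Pre-install audit for a skill that stores Garmin credentials locally (added example)."""
import base64
import getpass
import json
import os
import re
import stat
import tempfile

# Assumed key names; the skill's actual session.json layout is not shown on the page.
PASSWORD_FIELDS = ("password", "password_b64", "pw")

# Assignment of a long string literal to a name containing secret/token/api_key.
SECRET_ASSIGN = re.compile(
    r'^\s*(?P<name>[A-Za-z_]*(?:secret|token|api_key)[A-Za-z_]*)'
    r'\s*=\s*["\'](?P<value>[^"\']{16,})["\']',
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample in the style of a notification script; NOT the skill's code.
SAMPLE_FEISHU_SCRIPT = '''
APP_ID = "cli_example_app_id"
app_secret = "replace_me_with_a_real_secret_0123"
WEBHOOK = "https://open.feishu.cn/open-apis/bot/v2/hook/example"
'''


def looks_base64(value: str) -> bool:
    """True if value is valid base64 whose decoding is printable text (a reversible password)."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return False
    return bool(decoded) and all(32 <= b < 127 for b in decoded)


def audit_session_file(path: str) -> list[str]:
    """Report loose permissions and stored passwords in a session file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:o} is readable by group/others; expected 0600")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    for key, value in data.items():
        if key.lower() in PASSWORD_FIELDS and isinstance(value, str):
            kind = "base64-encoded (reversible)" if looks_base64(value) else "plaintext"
            findings.append(f"{path}: field {key!r} holds a {kind} password")
    return findings


def find_hardcoded_secrets(source: str) -> list[tuple[str, str]]:
    """Return (name, value) for secret-looking string literals assigned in source."""
    return [(m.group("name"), m.group("value")) for m in SECRET_ASSIGN.finditer(source)]


def prompt_password(email: str) -> str:
    """Interactive alternative to 'garmin-auth.py email password': argv is visible in ps."""
    return getpass.getpass(f"Garmin password for {email}: ")


def write_session_file(path: str, session: dict) -> None:
    """Persist a session with mode 0600 from creation; refuse to persist password fields."""
    if any(k.lower() in PASSWORD_FIELDS for k in session):
        raise ValueError("refusing to persist a password; store a token or re-prompt instead")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(session, fh)
    os.chmod(path, 0o600)  # the O_CREAT mode is ignored when the file already exists


def demo() -> dict:
    """Exercise every helper on constructed inputs: no network, no real credentials."""
    tmpdir = tempfile.mkdtemp()
    leaky = os.path.join(tmpdir, "session.json")
    with open(leaky, "w", encoding="utf-8") as fh:  # mimics a plain open() write
        json.dump({"email": "user@example.com",
                   "password_b64": base64.b64encode(b"hunter2").decode()}, fh)
    os.chmod(leaky, 0o644)  # the mode a plain open() leaves under umask 022

    hardened = os.path.join(tmpdir, "session_hardened.json")
    write_session_file(hardened, {"email": "user@example.com", "oauth_token": "constructed"})
    try:
        write_session_file(hardened, {"email": "user@example.com", "password": "hunter2"})
        refused = False
    except ValueError:
        refused = True
    return {
        "session_findings": audit_session_file(leaky),
        "hardcoded_secrets": find_hardcoded_secrets(SAMPLE_FEISHU_SCRIPT),
        "hardened_mode": stat.S_IMODE(os.stat(hardened).st_mode),
        "refused_password": refused,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it as a script to see the four results; point audit_session_file at your real ~/.garth/session.json and find_hardcoded_secrets at the contents of scripts/daily_health_report_feishu.py to repeat the scanner's two credential findings locally. The regex is deliberately narrow (long literal assigned to a secret-like name), so it will miss secrets built by concatenation or read from dicts; treat a clean result as a hint, not a clearance.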
latest: vk972fvx5dy42bk0r5mdws1ehex83p3zd
