v1.0.0

garmin-connect-skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

Review before installing: the Garmin health-sync purpose is coherent, but the artifacts weakly store your Garmin password, overstate encryption, and include Feishu messaging credential/data flows.

Guidance: Install only if you are comfortable with persistent Garmin health-data sync and local storage. Before authenticating, be aware that the current auth script stores your Garmin password in a reversible form and the documentation overstates encryption. Avoid entering a real password on the command line if possible, remove or replace the bundled Feishu secret, verify any Feishu webhook or recipient, and disable the systemd timer if you do not want ongoing background sync.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
After successful authentication, credentials are saved encrypted to `~/.garth/session.json`.

The user-facing instructions claim encrypted credential storage, but the included auth script comments that it uses base64 obfuscation, not encryption.

User impact: A user may trust the credential storage more than they should and install or authenticate without realizing their Garmin password is only weakly masked.
Recommendation: Correct the documentation and implementation so the storage claim matches reality; either implement real protected secret storage or clearly warn that the saved password is reversible.
Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Syncs automatically once every hour (systemd timer) ... `sudo systemctl enable garmin-sync.timer`

The skill documents a persistent background timer for recurring sync. This is disclosed and aligned with fitness data synchronization, but it keeps operating after setup.

User impact: Garmin data may continue syncing in the background until the timer is stopped or disabled.
Recommendation: Enable the timer only if you want ongoing sync, and document or remember how to stop it with systemd if you no longer want background access.
Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
requirements.txt
garminconnect>=0.2.38
requests>=2.28.0
python-dateutil>=2.8.2
garth>=0.5.0

The dependency versions are lower-bound ranges rather than pinned versions or hashes, and these libraries participate in authentication and network data sync.

User impact: A future dependency release could change behavior around login, token handling, or data sync without the skill artifact changing.
Recommendation: Pin dependency versions, provide a lockfile or hashes, and review dependency updates before installing.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
scripts/garmin-auth.py
password = sys.argv[2] ... encoded_password = base64.b64encode(password.encode()).decode() ... "password_encrypted": encoded_password

The script collects the Garmin account password from a command-line argument and saves it in a persistent session file using reversible base64, despite labeling the field as encrypted.

User impact: Your Garmin password could be recoverable from the local session file and may also be exposed through shell history or process listings.
Recommendation: Do not store the account password this way. Use a true OAuth/token flow or OS keychain, prompt for secrets interactively, declare the credential requirement, and protect or rotate any password already used.
Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
scripts/daily_health_report_feishu.py
if not app_secret:
        app_secret = "sXYUTk...S8PB"

The Feishu setup path defaults to an embedded App Secret when the user leaves the prompt blank, then uses that credential to obtain a tenant access token and send messages.

User impact: Health reports may be sent using a bundled Feishu app credential rather than credentials the user intentionally supplied, and the embedded secret itself is exposed in the package.
Recommendation: Remove hardcoded provider secrets, require the user to supply their own Feishu app credentials through a protected config or secret store, and declare this credential requirement in metadata.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
scripts/daily_health_report_webhook.py
response = requests.post(webhook_url, json=data, timeout=10)

The webhook script sends generated health report text to a configured Feishu webhook. This is purpose-aligned for report delivery, but it transmits sensitive health summaries to a third-party chat endpoint.

User impact: Sleep, activity, heart-rate, and workout summaries could be visible to the Feishu chat, bot, or workspace connected to the webhook.
Recommendation: Use only a webhook you control, verify the recipient audience, avoid posting highly sensitive details to shared rooms, and store webhook URLs securely.
Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
A single SQLite database stores all data ... Database: `~/.clawdbot/garmin/data.db`

The skill intentionally persists Garmin health data, including daily metrics, sleep data, workouts, and time-series data, in a local SQLite database for later reuse.

User impact: Anyone or any agent with access to that local database may be able to read detailed personal health history.
Recommendation: Protect the database with appropriate file permissions, avoid sharing it, and add clear retention/deletion guidance for users who want to remove synced health history.