Garmin Cli
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for using Garmin Connect through a CLI, but users should notice that it requires installing an external CLI, logging into Garmin, and exposes commands that can change Garmin account data.
Before installing, verify the external Garmin CLI package source, understand that Garmin credentials and health data are sensitive, and ask the agent to get your confirmation before any upload, create, update, delete, or file-output command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the external CLI gives that package code access to run locally and handle Garmin login flows.
The setup relies on an external Homebrew tap and package that are not included in the reviewed artifacts. This is disclosed and central to the skill, but users should verify the package source before installing.
brew tap voydz/homebrew-tap brew install garmin-cli
Verify the Homebrew tap and package provenance before installing, and keep the CLI updated from a trusted source.
Anyone or any agent using the authenticated CLI may be able to access personal Garmin health, fitness, device, activity, workout, and profile information.
The skill requires Garmin account credentials and possibly MFA to access account health and fitness data. This is expected for Garmin Connect access, but it is sensitive account authority.
gc login --email EMAIL --password PASS [--mfa CODE | --wait-mfa]
Only use this skill on a trusted machine, avoid exposing passwords in logs or shared shell history, and log out when the integration is no longer needed.
If invoked with the wrong arguments, the agent could change or delete Garmin workout data or upload activity files to the account.
The command catalog includes Garmin account mutation operations, including uploading activities and creating, updating, or deleting workouts. These are disclosed CLI capabilities, not hidden behavior.
gc activities upload FILE # .fit, .gpx, .tcx ... gc workouts create --file workout.json ... gc workouts update WORKOUT_ID --file workout.json ... gc workouts delete WORKOUT_ID
Require explicit user confirmation before running upload, create, update, or delete commands, and review IDs and file paths carefully.