Security audit

garmin connect cn

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Garmin Connect CN helper, but it needs Review because it can access sensitive health/location data while using broad activation rules and weak credential handling.

Install only if you explicitly want an agent to access your Garmin Connect CN account and personal health/activity data. Avoid entering the password on shared machines or in logged shells, consider removing ~/.config/garmin-cn/credentials.json after use, confirm before querying sensitive metrics, and keep exported activity files in a private location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The skill instructs the agent to perform a broad filesystem search to locate scripts and to install dependencies dynamically. In an agent environment, this expands access beyond Garmin data into host discovery and environment modification, which increases the chance of unintended data exposure, policy bypass, or unsafe execution on sensitive systems.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The CLI persists the user's Garmin email and password in plaintext JSON under ~/.config/garmin-cn/credentials.json. Even with mode 0600, storing reusable credentials unencrypted creates a real credential-exposure risk if the local account, backups, logs, or filesystem are compromised, and it expands the skill from data access into credential management.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The activation rule tells the agent to prioritize this skill even when the user did not explicitly ask for Garmin or Garmin Connect. That can cause over-collection of highly sensitive health and activity data, invoking account-linked tooling in contexts where the user only asked a general fitness question.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The applicable-scenario list is expansive and lacks boundaries, making it easy for an orchestrator to invoke the skill for generic health, sleep, or exercise questions that do not require account access. In this context, the skill targets personal health telemetry, so overly broad triggers materially increase privacy risk.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill instructs the user to pass email and password on the command line and states that credentials are stored persistently, but gives no clear privacy warning or safer alternative. Command-line credentials may be exposed via shell history, process listings, logs, or agent traces, and persistent local storage of account credentials increases the blast radius if the host is compromised.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The export and output instructions write sensitive health and activity data to local disk but omit any warning about privacy, retention, or destination safety. Exported GPX/FIT/TCX/CSV files can reveal location history, health metrics, and exercise patterns, and writing them to the current directory by default may expose them to other users, sync tools, or backups.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The document shows a login command that places email and password directly on the command line and redirects output to disk, but it does not warn that shell history, process listings, CI logs, or shared terminals can expose those credentials. In a skill handling health data, this materially increases the chance of account compromise during testing or operations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The workflow instructs users to bulk query, export, and persist long-range health and activity data to /tmp without any notice about sensitivity, access control, retention, or encryption. Because the skill targets Garmin health metrics and activity exports, the stored files can reveal highly sensitive personal, biometric, and location information if the host is shared or compromised.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
Credentials are silently written to disk as plaintext during login without a strong, explicit user-facing warning or consent flow. Because the data are highly sensitive and reusable, users may unknowingly leave long-lived secrets on disk, increasing the chance of account compromise through local disclosure.
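
The credential findings above (command-line passwords, plaintext credentials.json) and the two export findings (activity files written to the current directory or /tmp) share one root cause: secrets and health data land on disk with no control over who can read them. The following is an added example, not code from the SkillSpector report or from the Garmin Connect CN skill itself. It shows the checks a user or reviewer can run and the hardened file handling the skill lacks: detecting a password passed in argv, auditing the stored credential file for permissions and plaintext secret fields, and writing credentials or exports only as new 0600 files inside a 0700 directory. The JSON field names, the GARMIN_CN_PASSWORD variable, the --password flag and the placeholder CLI name are assumptions; the report only gives the path ~/.config/garmin-cn/credentials.json and states that email and password are stored there in plaintext.

```python
"""Added example (not the skill's or the report's code): checks and hardened file
handling for plaintext credentials and local health-data exports. Field names, the
GARMIN_CN_PASSWORD variable and the --password flag are assumptions."""
from __future__ import annotations

import getpass
import json
import os
import stat
import sys
import tempfile
from pathlib import Path

DEFAULT_CREDS = Path.home() / ".config" / "garmin-cn" / "credentials.json"  # path from the report
SECRET_KEYS = {"password", "passwd", "secret", "token", "oauth_token"}  # assumed field names
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO


def password_from_argv(argv: list[str]) -> str | None:
    """Return a password given as --password X or --password=X, else None.
    Anything passed this way is visible in shell history, `ps`, CI logs and agent traces."""
    for i, arg in enumerate(argv):
        if arg.startswith("--password="):
            return arg.split("=", 1)[1]
        if arg == "--password" and i + 1 < len(argv):
            return argv[i + 1]
    return None


def read_password(argv: list[str], env: dict[str, str] | None = None) -> str:
    """Hardened input: refuse argv, accept a per-process env var, otherwise prompt.
    An env var is still readable by same-user processes, so the prompt is preferred."""
    env = os.environ if env is None else env
    if password_from_argv(argv) is not None:
        raise SystemExit("refusing --password on the command line; set GARMIN_CN_PASSWORD or use the prompt")
    if env.get("GARMIN_CN_PASSWORD"):
        return env["GARMIN_CN_PASSWORD"]
    if not sys.stdin.isatty():
        raise SystemExit("no TTY for a password prompt and GARMIN_CN_PASSWORD is unset")
    return getpass.getpass("Garmin Connect CN password: ")


def audit_credentials_file(path: Path) -> list[str]:
    """Findings for a stored credential file; an empty list means nothing was flagged."""
    findings: list[str] = []
    if not path.exists():
        return findings
    if stat.S_IMODE(path.parent.stat().st_mode) & GROUP_OTHER:
        findings.append(f"{path.parent}: directory is not private (group/other bits set)")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & GROUP_OTHER:
        findings.append(f"{path}: mode {mode:04o} is readable by group or others")
    try:
        data = json.loads(path.read_text())
    except (OSError, ValueError):
        findings.append(f"{path}: exists but is not readable JSON")
        return findings
    if isinstance(data, dict):
        leaked = sorted(k for k, v in data.items() if k.lower() in SECRET_KEYS and v)
        if leaked:
            findings.append(f"{path}: plaintext secret field(s) {leaked} stored on disk")
    return findings


def write_private(path: Path, content: bytes) -> Path:
    """Write credentials or an export (GPX/FIT/TCX/CSV) as a new 0600 file in a 0700
    directory. O_EXCL|O_NOFOLLOW refuses to overwrite a file or follow a planted symlink."""
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def forget_credentials(path: Path = DEFAULT_CREDS) -> bool:
    """Remove the persisted credential file after use; True if a file was removed."""
    try:
        path.unlink()
        return True
    except FileNotFoundError:
        return False


def demo() -> dict[str, object]:
    """Run the checks against constructed files in a temp dir and return the results."""
    argv = ["cli", "login", "--email", "user@example.cn", "--password", "hunter2"]  # placeholder CLI
    with tempfile.TemporaryDirectory() as tmp:
        weak = Path(tmp) / "credentials.json"
        weak.write_text(json.dumps({"email": "user@example.cn", "password": "hunter2"}))
        os.chmod(weak, 0o644)  # what a default umask produces: any local user can read it
        hardened = write_private(Path(tmp) / "private" / "credentials.json",
                                 json.dumps({"email": "user@example.cn"}).encode())
        return {
            "argv_password": password_from_argv(argv),
            "weak": audit_credentials_file(weak),
            "hardened": audit_credentials_file(hardened),
            "forgot": forget_credentials(weak),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the constructed weak file flagged twice (world-readable mode, plaintext password field) and the hardened file pass clean; point audit_credentials_file at DEFAULT_CREDS to check a real installation, and call forget_credentials() to follow the report's advice of removing the file after use. Keeping only the email on disk and taking the password from a prompt is the minimal change; a keyring or a short-lived session token, if the upstream client supports one, would be the next step.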

VirusTotal

63/63 vendors flagged this skill as clean.