Back to skill

Security audit

Garmin Sync CN

Security checks across malware telemetry and agentic risk

Overview

This Garmin health-data sync skill is disclosed enough to avoid a malicious verdict, but it embeds account credentials and gives an agent broad authority over browser sessions, health databases, and remote pushes.

Review before installing. Only use this in an environment where you own the Garmin account, the browser profile, the databases, and the git remotes. Remove the embedded credentials, replace session reuse with an explicit user-approved authentication flow, make all storage and remote destinations configurable, and require confirmation before any database write or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
100% confidence
Finding
The skill contains hardcoded login credentials and explicit instructions to inject MFA codes into a live login flow. This exposes account secrets, enables unauthorized access, and normalizes bypass-style automation against a personal account using an existing browser session.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Automatically committing and pushing data to two git remotes expands the skill's data exfiltration surface beyond local synchronization. Health data and derived records may be replicated to external repositories without adequate access control, user awareness, or necessity for the stated function.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation says the skill writes to local and server databases, but it also performs git synchronization to remote destinations. This hidden outbound data flow undermines informed consent and can cause users to underestimate where sensitive health data is being copied.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill writes health data to local and remote databases and pushes related artifacts to git remotes without clear risk disclosure or explicit consent. Because the data includes sensitive personal wellness metrics, undisclosed persistence and replication materially increase privacy, compliance, and leakage risks.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly proposes reusing a logged-in Chrome session to bypass OAuth 403 restrictions, but does not disclose the privacy and account-integrity risks of accessing a user's active browser session. In this context, session reuse is especially dangerous because it can leverage existing authentication state to access sensitive Garmin health data without a fresh, transparent authorization step.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly recommends relying on a persistent authenticated Chrome/session cookie to access Garmin Connect without repeated verification, but provides no warning about the security and privacy implications of reusing an already logged-in browser session. In this skill’s context, that guidance is more dangerous because the overall skill is designed to bypass OAuth 403 by leveraging the user’s existing browser authentication, increasing the chance of unauthorized account access, silent data scraping, or over-collection of sensitive health data if the automation is misused or the local environment is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.