Trust Assessment
garmin-connect received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 0 critical, 4 high, 6 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Sensitive path access: AI agent config, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 54/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/godsboy/garmin-connect-fixed/SKILL.md:45 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/godsboy/garmin-connect-fixed/SKILL.md:102 |
| HIGH | Password passed via command-line arguments. The `garmin-auth.py` script takes the user's Garmin password directly as a command-line argument. This is insecure because the password can be exposed in shell history, process lists (`ps aux`), or system logs, making it vulnerable to unauthorized access or credential harvesting. Use a secure method for password input, such as `getpass`, to prompt for the password without echoing it to the console or storing it in shell history. Alternatively, use environment variables or a secure configuration management system. | LLM | scripts/garmin-auth.py:50 |
| HIGH | Unsanitized user input for cache file path. The `garmin-sync.py` script allows the user to specify an arbitrary path for the cache file via `sys.argv[1]`. If an attacker can control this argument, they could direct the script to write sensitive Garmin data (steps, heart rate, sleep, workouts) to an arbitrary file location, potentially overwriting critical system files or exfiltrating data to an accessible directory. Restrict the `cache_file` path to a predefined, secure directory (e.g., `~/.clawdbot/`) and only allow the user to specify the filename, not the full path. Ensure the path is properly sanitized and validated to prevent directory traversal. | LLM | scripts/garmin-sync.py:180 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/godsboy/garmin-connect-fixed/scripts/garmin-formatter.py:4 |
| MEDIUM | Unpinned Python dependency version. Requirement `garminconnect>=0.2.38` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/godsboy/garmin-connect-fixed/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. Requirement `requests>=2.28.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/godsboy/garmin-connect-fixed/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version. Requirement `python-dateutil>=2.8.2` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/godsboy/garmin-connect-fixed/requirements.txt:3 |
| MEDIUM | Sensitive data cached to world-readable `/tmp` directory by default. The `garmin-sync-oauth.py` script defaults to saving sensitive Garmin fitness data to `/tmp/garmin-cache.json` if no configuration is found or specified. The `/tmp` directory is typically world-readable and world-writable, so other users or processes on the system could read this file and access the user's private fitness data. Change the default cache location to a user-specific, non-world-readable directory, such as `~/.clawdbot/.garmin-cache.json` (consistent with `garmin-sync.py`) or a subdirectory within `~/.garth/`. | LLM | scripts/garmin-sync-oauth.py:40 |
| MEDIUM | Dependencies pinned to minimum versions, not exact versions. The `requirements.txt` file specifies dependencies using minimum version specifiers (e.g., `garminconnect>=0.2.38`). This allows `pip` to install any newer version, which could introduce breaking changes, new vulnerabilities, or malicious code if a future version of a dependency is compromised. Pin dependencies to exact versions (e.g., `garminconnect==0.2.38`) to ensure reproducible builds and prevent unexpected updates. Use a tool like `pip-compile`, or `pip freeze > requirements.txt` after verifying dependencies in a controlled environment. | LLM | requirements.txt:1 |
| LOW | Hardcoded absolute path in cron script. The `garmin-cron.sh` script uses a hardcoded absolute path (`/home/mamotec/clawd/garmin-connect-clawdbot`) for its `cd` command. This makes the script non-portable and assumes a specific deployment location. While not a direct security vulnerability in this context (the path is not user-controlled), it is a poor practice that can lead to misconfigurations or unexpected behavior if the skill is moved or deployed in a different environment. Use relative paths or derive the base path dynamically (e.g., `cd "$(dirname "$0")/.."` or `cd "$(readlink -f "$(dirname "$0")/..")"`) to make the script more robust and portable. | LLM | scripts/garmin-cron.sh:4 |
Full report: https://skillshield.io/report/036e1e82a46d26d9
Powered by SkillShield