Trust Assessment
garmin-health-analysis received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 0 medium, and 0 low severity (the remaining 2 are informational). Key findings include "Sensitive path access: AI agent config", "Unpinned Python Dependencies", and "Unpinned Python Dependencies (Manifest)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/eversonl/garmin-health-analysis/install.sh:50 |
| HIGH | Unpinned Python Dependencies. The skill installs Python packages `garminconnect`, `fitparse`, and `gpxpy` without specifying exact versions. This introduces a supply chain risk where a malicious update to any of these packages could lead to arbitrary code execution on the host system when the skill is installed or updated. Pin all Python dependencies to exact versions (e.g., `garminconnect==X.Y.Z`) in `install.sh` and the manifest to ensure reproducible and secure installations. Regularly review and update these pinned versions. | LLM | install.sh:21 |
| HIGH | Unpinned Python Dependencies (Manifest). The skill's manifest declares Python dependencies `garminconnect`, `fitparse`, and `gpxpy` without specifying exact versions. This reinforces the supply chain risk identified in `install.sh`, as the manifest serves as a primary source of dependency information. Pin all Python dependencies to exact versions (e.g., `garminconnect==X.Y.Z`) in the skill's manifest to ensure reproducible and secure installations. Regularly review and update these pinned versions. | LLM | SKILL.md:1 |
| INFO | Sensitive Data Output to Standard Output. The scripts `garmin_data.py`, `garmin_data_extended.py`, and `garmin_query.py` output sensitive personal health data (e.g., sleep, heart rate, body battery, HRV) directly to standard output (stdout) in JSON format. While this is the intended functionality for an agent skill to process, it means the host LLM will have direct access to this data. The risk depends on how the LLM and its environment are secured and whether this data is subsequently logged or transmitted. Ensure that the host LLM environment has robust data handling policies for sensitive information. Implement strict logging controls and data retention policies for any data processed by the agent. Provide clear user consent mechanisms for handling health data. | LLM | scripts/garmin_data.py:1 |
| INFO | Local Storage of Authentication Tokens. The `garmin_auth.py` script stores Garmin Connect session tokens in `~/.clawdbot/garmin/` with `0o700` permissions. While these permissions restrict access to the owner, the presence of long-lived session tokens on the local filesystem represents a sensitive asset. If the host system is compromised, these tokens could be exfiltrated and used to access the user's Garmin Connect account. Educate users about the security implications of storing authentication tokens locally. Implement mechanisms for users to easily revoke tokens or enforce shorter token lifetimes if possible. Ensure the host system's security posture is strong to protect these sensitive files. | LLM | scripts/garmin_auth.py:20 |