garmin-health-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
garminconnect,fitparse, andgpxpylibraries to interface with Garmin's API and parse specialized fitness file formats. These are established community packages. - [COMMAND_EXECUTION]: An
install.shscript is included to automate the installation of Python dependencies and the initial configuration. This script performs routine setup tasks such as checking for Python 3 and runningpip3 install. - [SAFE]: The skill demonstrates defensive security practices by storing sensitive authentication tokens in a local directory (
~/.clawdbot/garmin) and explicitly setting restricted file permissions (0o700) to prevent unauthorized local access. It avoids hardcoding credentials, instead relying on environment variables or local configuration files to authenticate with Garmin's official services.
Audit Metadata