Skills
skills/thinkfleetai/thinkfleet-engine/strava/Gen Agent Trust Hub

strava

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the curl binary to perform API requests and employs standard Unix utilities such as grep, awk, cut, and date for processing and formatting activity data.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive OAuth 2.0 credentials, including STRAVA_ACCESS_TOKEN, STRAVA_REFRESH_TOKEN, and STRAVA_CLIENT_SECRET. These are stored locally in the user's environment or a configuration file (~/.thinkfleet/thinkfleet.json) as part of its intended functionality.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed exclusively to well-known and official Strava domains (strava.com and developers.strava.com) for data synchronization and token exchange.
  • [REMOTE_CODE_EXECUTION]: Refers to a local maintenance script (refresh_token.sh) located within the skill's own directory to handle the automated refreshing of expired access tokens.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:15 AM