garmin-connect

Warn

Audited by Socket on May 31, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill's purpose broadly matches its capabilities, but its trust model is weak: it installs a third-party CLI via pipe-to-shell and asks the user to authenticate to Garmin through that same non-official binary. That combination is disproportionate for a health-data skill and creates high supply-chain and credential-forwarding risk, even without direct evidence of malicious exfiltration.

Confidence: 88%Severity: 86%
Audit Metadata
Analyzed At
May 31, 2026, 04:47 AM
Package URL
pkg:socket/skills-sh/eddmann%2Fgarmin-connect-cli%2Fgarmin-connect%2F@4bc35dabaf9c0791630542be75ffe5556ef7f1f6
Security Audit — socket — garmin-connect