Activity
Mon
Wed
Fri
Sun
Aug
Sep
Oct
Nov
Dec
Jan
Feb
Mar
Apr
May
Jun
Jul
What is this?
Less
More

Memberships

Athlete AI Community

377 members • Free

AI Automation Society

424.7k members • Free

AI Automation Agency Hub

328.8k members • Free

2 contributions to Athlete AI Community
I had my AI red-team the Garmin setup — here's a hardened version (Win + Mac)
(works with any AI you use) Like many of you I wanted my Garmin recovery data (sleep, HRV, resting HR, body battery) going into my AI coach — it's the data Strava can't give you, and for me it changed the conversation from "how far did you run" to "why was your Wednesday night 4.5 hours of sleep." Before running the setup from the classroom guide, I did what the guide itself kind of teaches us: I asked my AI to review it first — and then to red-team the result. A proper adversarial security review. It found real things worth fixing before I'd type my Garmin password anywhere. So we rebuilt it, audited it, and I'm sharing the result so you don't have to choose between your data and your peace of mind. Same idea, same open-source library (python-garminconnect), one script — but hardened: - Read-only, and provably local. The only network connection is to Garmin. No upload endpoints, no analytics. The script is ~350 lines — you (or your AI) can read every one. - Your password is typed once, hidden, never stored — not in files, not in environment variables, not in your shell history. The script even refuses to run in terminals that can't hide your password. - Your login token never gets printed and is saved with locked-down permissions. (A printed token = a year of account access sitting in your terminal scrollback.) - Dependencies pinned to exact versions, so a compromised future release of some library can't silently install itself on your machine. - Smarter failure behavior: if the network is down, it tells you it's the network — so you never get trained into re-typing your password "just in case." That habit is exactly what phishing lives on. What you get: a garmin/ folder of clean markdown notes — one wellness note per day, one per workout, plus a data.json. Point your AI coach at it and every morning it knows how you slept before it tells you what to do. Setup: unzip, follow the README. Five minutes, Windows and Mac covered, including how to schedule it to run automatically every morning (with catch-up for days your machine was off). The only thing you ever type is your Garmin login, once.
0 likes • 14h
great sharing.
1 like • 13h
i tried connecting Strava but it says i need to be a strava subscriber, which i'm not. The whole point in building this in Claude is that i can use AI coach to analyse my data but not pay expensive subscription. also i asked Claude to review the py script. the below is what it gave me: 1. Move the token out of a flat file, into the OS Keychain Right now the auth token sits in~/.garminconnectas a file — permission-locked (600), but still a file anyone with root/your user session (or a bad backup, or a malware scan) could read. On Mac, thekeyringlibrary can store it in the macOS Keychain instead — encrypted at rest, gated by your login/Touch ID, and never exists as a bare file on disk. This is the single biggest security upgrade available. 2. Pin dependencies by hash, not just version requirements.txtcurrently pins versions (garminconnect==0.3.2), which stops "silently install a newer compromised release" but not "someone publishes a maliciousgarminconnect==0.3.2" (rare, but pip lets you pin the exact file hash too via--require-hashes). Stronger supply-chain guarantee for a script that's about to hold your login. 3. Run it in an isolated virtual environment The script's dependencies currently install globally. A dedicatedvenvfor this script meanscurl_cffi/ua-generator/etc. can't interfere with or be interfered with by anything else on your machine, and it's trivial to wipe cleanly. 4. Add a rollup summary file for me to read Right now every sync writes one file per day and one per activity. For me to answer "how was my training this week," I'd have to open many small files. Agarmin/summary-last-14-days.mdthat the script regenerates each run (a compact table: date, activity, distance, HR, sleep, HRV, readiness) would make my reads faster and cheaper, while the detailed per-day/per-activity files stay as the full record. 5. Add a retention policy data.jsongrows forever. Since this is sensitive health data (sleep, HRV, stress), it's worth deciding on a rolling window (e.g., keep 12 months, prune older) rather than accumulating indefinitely by default.
Strave Connect issue
Since June 26, Strava needs paid account to create API connection. Is the plan switch to Garmin?
1-2 of 2
Viola Wong
1
3points to level up
@viola-wong-4746
someone wanting to learn and capture the opportunities made available from new AI technologies

Online now
Joined Jul 12, 2026
Powered by