Oathe Security Badge

Is nftechie/strava-skill safe?

https://github.com/nftechie/strava-skill

93
SAFE

This is a legitimate fitness tracking skill that provides API documentation for accessing Strava data through the Transition service. The skill contains only markdown documentation with no executable code or malicious behavior detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

LOW External API Dependency -5

The skill relies on the Transition API (api.transition.fun) to access Strava data. Users must trust this third-party service with their fitness data and provide API credentials.

LOW Third-party Service Trust Model -15

The skill requires users to create accounts with Transition service and share Strava credentials, creating an additional trust boundary beyond the direct Strava integration.