← Back to Skills Marketplace
302
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-fitbit
Description
Official Fitbit OAuth integration for OpenClaw (Tier 1). Use to connect/authorize Fitbit, store+refresh tokens locally, fetch daily activity + sleep summarie...
Usage Guidance
This skill appears to do exactly what it claims: perform Fitbit OAuth, save tokens locally, fetch daily activity and sleep, normalize, and render a digest. Before installing/running: 1) Fix or confirm the registry metadata mismatch — the skill requires FITBIT_CLIENT_ID, FITBIT_CLIENT_SECRET, and FITBIT_REDIRECT_URI. 2) Only provide your Fitbit client_id/client_secret if you trust the code; these are sensitive and allow token exchanges. 3) Note the token file is written to ~/.config/openclaw/fitbit/token.json (or FITBIT_TOKEN_PATH) and the code attempts to chmod it to 0600; verify that location and permissions meet your security needs. 4) Loopback mode starts a local HTTP listener on 127.0.0.1 for OAuth redirects — that's normal but ensure the redirect URI is correct. 5) If unsure, review the bundled scripts locally before running; they use only standard Python libraries and communicate only with Fitbit's documented endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-fitbit
Version: 0.1.0
The skill bundle is a standard Fitbit API integration that implements OAuth2 authentication and data retrieval using Python's standard library. It handles sensitive credentials (tokens and client secrets) appropriately by storing them with restricted file permissions (0o600) and only communicating with official Fitbit endpoints (api.fitbit.com). No evidence of data exfiltration, malicious execution, or prompt injection was found across the scripts (fitbit_fetch_daily.py, fitbit_token.py) or documentation.
Capability Assessment
Purpose & Capability
The skill's name/description (Fitbit OAuth, fetch daily activity/sleep, normalize, render) matches the included scripts and SKILL.md. One inconsistency: the registry metadata at the top lists "Required env vars: none", but SKILL.md and the code clearly require FITBIT_CLIENT_ID, FITBIT_CLIENT_SECRET, and FITBIT_REDIRECT_URI. This is likely an editorial/metadata error rather than malicious behavior.
Instruction Scope
SKILL.md instructs the agent and user to run the included Python scripts to perform OAuth, fetch Fitbit API endpoints, normalize, and render results. The scripts only access the declared env vars, the local token file (default: ~/.config/openclaw/fitbit/token.json), and the official Fitbit API endpoints. They do not read arbitrary system files or contact unexpected external endpoints.
Install Mechanism
There is no install spec (instruction-only), and the code files are bundled with the skill. No remote downloads or archive extraction occur. The scripts use only Python stdlib and will run locally when invoked.
Credentials
The env vars required by SKILL.md (FITBIT_CLIENT_ID, FITBIT_CLIENT_SECRET, FITBIT_REDIRECT_URI, and optional FITBIT_TOKEN_PATH, FITBIT_TZ, FITBIT_SCOPES) are proportionate and expected for an OAuth integration. The earlier registry 'Requirements' section incorrectly listed no required env vars; this mismatch should be corrected before deployment.
Persistence & Privilege
The skill does persist a Fitbit token to a local file (~/.config/openclaw/fitbit/token.json by default) and will refresh tokens as needed. It sets file permissions to 0600 when possible. The skill is not marked always:true and does not modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-fitbit - After installation, invoke the skill by name or use
/openclaw-fitbit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: OAuth (remote copy/paste + optional loopback), fetch daily activity + sleep, normalize for Wellness hub, and channel-aware rendering.
Metadata
Frequently Asked Questions
What is Fitbit (Official API)?
Official Fitbit OAuth integration for OpenClaw (Tier 1). Use to connect/authorize Fitbit, store+refresh tokens locally, fetch daily activity + sleep summarie... It is an AI Agent Skill for Claude Code / OpenClaw, with 302 downloads so far.
How do I install Fitbit (Official API)?
Run "/install openclaw-fitbit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Fitbit (Official API) free?
Yes, Fitbit (Official API) is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Fitbit (Official API) support?
Fitbit (Official API) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Fitbit (Official API)?
It is built and maintained by Gavin C. (@gavinchengcool); the current version is v0.1.0.
More Skills