功能描述

Fitbit fitness data integration. Use when the user wants fitness insights, workout summaries, step counts, heart rate data, sleep analysis, or to ask questions about their Fitbit activity data. Provides AI-powered analysis of fitness metrics.

使用说明 (SKILL.md)

Fitbit Fitness Insights

Name: Fitbit Insights
Author: poisondminds

Get AI-powered insights from your Fitbit data. Query your fitness metrics, analyze trends, and ask questions about your activity.

Features

📊 Daily activity summaries (steps, calories, distance, active minutes)
💓 Heart rate data and zones
😴 Sleep tracking and analysis
🏃 Workout/activity logs
📈 Weekly and trend analysis
🤖 AI-powered insights and Q&A

Prerequisites

Requires: Fitbit OAuth access token

Setup steps in references/fitbit-oauth-setup.md

Commands

Get Profile

FITBIT_ACCESS_TOKEN="..." python3 scripts/fitbit_api.py profile

Daily Activity

python3 scripts/fitbit_api.py daily [date]
# Examples:
python3 scripts/fitbit_api.py daily              # Today
python3 scripts/fitbit_api.py daily 2026-02-08   # Specific date

Returns: steps, distance, calories, active minutes (very/fairly/lightly/sedentary), floors

Steps Range

python3 scripts/fitbit_api.py steps \x3Cstart_date> \x3Cend_date>

Example:

python3 scripts/fitbit_api.py steps 2026-02-01 2026-02-07

Returns: total steps, average steps, daily breakdown

Heart Rate

python3 scripts/fitbit_api.py heart [date]

Returns: resting heart rate, heart rate zones with minutes in each zone

Sleep Data

python3 scripts/fitbit_api.py sleep [date]

Returns: duration, efficiency, start/end times, sleep stages

Logged Activities

python3 scripts/fitbit_api.py activities [date]

Returns: workouts/activities logged (name, duration, calories, distance)

Weekly Summary

python3 scripts/fitbit_api.py weekly

Returns: 7-day summary of steps and key metrics

AI Insights Usage

When user asks fitness questions, use the API to fetch relevant data, then provide insights:

Example queries:

"How did I sleep last night?" → fetch sleep data, analyze quality
"Did I hit my step goal this week?" → fetch weekly summary, compare to goals
"What was my average heart rate during workouts?" → fetch heart + activities, analyze
"Am I more active on weekdays or weekends?" → fetch range data, compare patterns

Analysis approach:

Identify what data is needed
Fetch via appropriate API command
Analyze the data
Provide insights in conversational format

Example Responses

User: "How did I do this week?"

Agent:

Fetch weekly summary
Fetch recent sleep data
Respond: "You had a solid week! Averaged 8,234 steps/day (up 12% from last week). Hit your 10k step goal 4 out of 7 days. Sleep averaged 7.2 hours with 85% efficiency. CrossFit sessions on Mon/Wed/Fri looking consistent!"

User: "Did I exercise today?"

Agent:

Fetch daily activities
Fetch daily activity summary (active minutes)
Respond: "Yes! You logged a CrossFit session this morning (45 min, 312 calories). Plus 28 very active minutes total for the day."

Data Insights to Look For

Trends: Week-over-week changes, consistency patterns
Goals: Compare to 10k steps, exercise frequency, sleep targets
Correlations: Sleep quality vs activity, rest days vs performance
Anomalies: Unusual spikes or drops
Achievements: Personal bests, streaks, milestones

Token Management

The skill automatically loads tokens from /root/clawd/fitbit-config.json and refreshes them when expired (every 8 hours).

Auto-refresh: Tokens are refreshed automatically - no manual intervention needed!

Manual refresh (if needed):

python3 scripts/refresh_token.py force

Override with environment variable:

export FITBIT_ACCESS_TOKEN="manual_token"

Error Handling

Missing token: Prompt user to set FITBIT_ACCESS_TOKEN
API errors: Check token validity, may need refresh
No data: Some days may have no logged activities or missing metrics

See references/fitbit-oauth-setup.md for token management.

安全使用建议

Do not install yet. Ask the author/maintainer to: (1) provide the missing runtime scripts (fitbit_api.py, refresh_token.py, scripts/) or explain where they come from; (2) update the registry metadata to declare required env vars and config path (FITBIT_ACCESS_TOKEN, client_id, client_secret, refresh_token and the config file path); (3) show the actual code so you or a reviewer can confirm there is no hidden network endpoint or exfiltration logic and that token refresh is implemented safely. If you proceed, run in a sandbox, inspect the included scripts for unexpected network requests or uploads, store client_secret/refresh_token securely (prefer least-privilege storage, strict file permissions or environment variables), and verify tokens are not transmitted to any endpoint other than api.fitbit.com. If the package lacks the scripts it documents, treat it as mispackaged and avoid installing until corrected.

功能分析

Type: OpenClaw Skill Name: fitbit-insights Version: 1.0.0 The skill is classified as suspicious due to its explicit handling of highly sensitive OAuth credentials (client ID, client secret, access token, refresh token) from a hardcoded file path (`/root/clawd/fitbit-config.json`) as instructed in `SKILL.md` and `SETUP.md`. While this capability is plausibly needed for the stated purpose of integrating with the Fitbit API, the direct access and management of these critical credentials by the AI agent, even without clear evidence of intentional malicious exfiltration, represents a significant security risk. The skill otherwise appears to align with its stated purpose, uses only Python standard libraries, and lacks other overt malicious indicators like remote code execution or persistence.

能力评估

⚠ Purpose & Capability

The stated purpose (fetch Fitbit data and analyze it) legitimately requires OAuth tokens and client credentials. However, the registry metadata declares no required environment variables or config paths, while the SKILL.md and SETUP guide clearly require a local config file (/root/clawd/fitbit-config.json) and OAuth credentials. That mismatch between what the skill needs and what it declares is an incoherence that should be resolved.

⚠ Instruction Scope

Runtime instructions tell the agent to load tokens from /root/clawd/fitbit-config.json, auto-refresh tokens, and run scripts (python3 scripts/fitbit_api.py and scripts/refresh_token.py). Those actions are within the expected scope for a Fitbit integrator, but SKILL.md references file paths and scripts that are not declared in metadata and are missing from the provided file manifest. The instructions also allow overriding via FITBIT_ACCESS_TOKEN env var even though no env vars are declared — another inconsistency.

⚠ Install Mechanism

There is no install spec (instruction-only), which reduces install-time risk. However, the documentation and runtime instructions reference code files (fitbit_api.py, refresh_token.py, scripts/) that are not present in the package manifest. That suggests the package is mispackaged or relies on external files/install steps not documented in the registry metadata — this makes it unclear what will actually run after installation.

⚠ Credentials

The skill requires sensitive items (client_id, client_secret, access_token, refresh_token) according to SETUP.md and SKILL.md, but none are declared in the registry metadata. Storing refresh_token and client_secret in a readable file under /root/clawd is sensitive. Requesting these credentials is proportionate to the claimed purpose, but failing to declare them and instructing a specific filesystem location without noting permissions is a security concern.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It does expect to read a local credential file and to run periodic refresh logic (every 8 hours). That behavior is reasonable for an OAuth-based integration, but combined with the other inconsistencies (missing scripts, undeclared credentials) it increases the risk surface.

版本历史

v1.0.0

Fitbit 1.0.0 Changelog - Initial release with comprehensive integration for Fitbit fitness data. - Added features for querying and analyzing steps, heart rate, sleep, activity logs, and trends. - Provides AI-powered insights and answers about user fitness metrics. - Includes OAuth token setup instructions and automated token refresh. - Added sample commands and example response scenarios for user queries.

元数据

Slug fitbit-insights

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Fitbit Insights 是什么？

Fitbit fitness data integration. Use when the user wants fitness insights, workout summaries, step counts, heart rate data, sleep analysis, or to ask questions about their Fitbit activity data. Provides AI-powered analysis of fitness metrics. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1045 次。

如何安装 Fitbit Insights？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install fitbit-insights」即可一键安装，无需额外配置。

Fitbit Insights 是免费的吗？

是的，Fitbit Insights 完全免费（开源免费），可自由下载、安装和使用。

Fitbit Insights 支持哪些平台？

Fitbit Insights 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Fitbit Insights？

由 poisondminds（@poisondminds）开发并维护，当前版本 v1.0.0。

Fitbit Insights