← 返回 Skills 市场
126
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install garmin-connect-skill
功能描述
Garmin Connect integration for OpenClaw: sync fitness data (steps, HR, calories, workouts, sleep) using OAuth. Supports China (garmin.cn) and Global (garmin....
使用说明 (SKILL.md)
Garmin Connect Skill
同步你的佳明手表数据到 OpenClaw,支持中国大陆和全球账号。
🎯 新架构(2026-03-13更新)
核心变化:
- ✅ 单一SQLite数据库存储所有数据
- ✅ 三种同步触发方式(定时/按需/手动)
- ✅ 龙虾直接读取数据库(快速响应)
- ✅ 完整数据支持(Body Battery、HRV、VO2 Max等)
- ✅ 数据库字段从26个扩展到58个(2026-03-13下午重大升级)
- ✅ 时序数据表支持(心率曲线、身体电量曲线等)
佳明服务器 → 统一同步脚本 → SQLite数据库
├─ 龙虾skill(读取)
└─ 网页前端(读取)
🚀 2026-03-13 重大升级
问题发现
用户发现身体电量显示不一致(服务器79 vs 手表28),发现数据库同步不完整。
解决方案
1. 数据库Schema升级
- 新增35个字段:时长类、压力详细值、呼吸/血氧详细值、wellness字段等
- 修复关键字段:
body_battery_current从存最高值改为存最新值 - 创建5个时序数据表:心率、身体电量、步数、压力、呼吸率曲线
- 创建1个动态反馈事件表
- 运动记录新增15个高级指标字段
2. 同步策略优化
- 完整版(sync_all.py v2.0):包含所有字段和时序数据,适合手动完整同步
- 简化版(sync_daily.py):只同步核心每日指标,适合定时任务
3. 数据完整度提升
- 标量字段:26% → 95%+
- 核心指标:100%完整
- 时序数据:表已创建,待后台同步
关键Bug修复
# 旧逻辑(错误)
body_battery_current = bodyBatteryHighestValue # 79
# 新逻辑(正确)
body_battery_current = bodyBatteryMostRecentValue # 29
快速开始
1. 认证(一次性)
中国大陆账号:
cd ~/openclaw/skills/garmin-connect
python3 scripts/garmin-auth.py [email protected] password --cn
全球账号:
python3 scripts/garmin-auth.py [email protected] password
认证成功后,凭证会加密保存到 ~/.garth/session.json。
2. 启动自动同步
systemd timer(推荐):
# 已自动配置,每1小时同步一次
sudo systemctl status garmin-sync.timer
手动触发:
python3 ~/.clawdbot/garmin/sync_all.py --source=manual
3. 测试数据读取
从数据库读取(快速):
python3 scripts/garmin_db_reader.py
从API读取(慢速,用于测试):
python3 scripts/garmin-sync.py
📊 数据结构
数据库位置
/home/roots/.clawdbot/garmin/data.db
包含的数据
每日健康指标 (daily_metrics):
- 基础:步数、距离、卡路里、活动时长、爬楼
- 心率:静息/最低/最高
- 身体电量:当前/最高/最低/充电/消耗
- 压力:平均/最高
- HRV:昨晚HRV
- 呼吸率
- VO2 Max
- 健身年龄
睡眠数据 (sleep_data):
- 时长、睡眠分数、质量百分比
- 深/REM/浅睡、清醒时间
- 午睡详情
运动记录 (workouts):
- 时间戳、类型、名称、距离、时长、卡路里、心率
🔄 同步触发方式
1. 系统定时(自动)
每1小时自动同步一次(systemd timer):
sudo systemctl start garmin-sync.timer
sudo systemctl enable garmin-sync.timer
查看下次同步时间:
systemctl list-timers | grep garmin
2. 龙虾按需触发
当你问"我刚才跑的咋样?"时:
from scripts.garmin_db_reader import trigger_sync_if_needed
# 如果数据超过5分钟,自动触发同步
trigger_sync_if_needed(max_age_minutes=5)
然后读取数据库回答。
3. 手动触发
# 从命令行
python3 ~/.clawdbot/garmin/sync_all.py --source=manual
# 从网页(前端API)
POST /api/sync
📝 使用示例
在OpenClaw中使用
方式1:从数据库读取(推荐)
import sys
sys.path.insert(0, '~/openclaw/skills/garmin-connect/scripts')
from garmin_db_reader import GarminDataReader, trigger_sync_if_needed
# 检查数据新鲜度,必要时触发同步
trigger_sync_if_needed(max_age_minutes=5)
# 读取数据
reader = GarminDataReader()
today = reader.get_today_metrics()
print(f"今日步数: {today['steps']}")
print(f"身体电量: {today['body_battery_current']}")
方式2:直接API调用(兼容旧代码)
from garmin_db_reader import get_daily_summary, get_workouts
# garmin_client 参数会被忽略,直接读数据库
data = get_daily_summary(None, '2026-03-13')
查看同步状态
reader = GarminDataReader()
status = reader.get_sync_status()
print(f"最后同步: {status['last_sync_time']}")
print(f"每日记录: {status['daily_metrics_count']} 条")
print(f"运动记录: {status['workouts_count']} 条")
🔧 故障排除
数据库不存在
# 手动运行一次同步
python3 ~/.clawdbot/garmin/sync_all.py --source=manual
同步失败
检查凭证:
cat ~/.garth/session.json
重新认证:
cd ~/openclaw/skills/garmin-connect
python3 scripts/garmin-auth.py your-email password
查看同步日志
# systemd日志
sudo journalctl -u garmin-sync.service -f
# 数据库同步日志
sqlite3 ~/.clawdbot/garmin/data.db "SELECT * FROM sync_log ORDER BY sync_time DESC LIMIT 10"
📁 文件结构
~/.clawdbot/garmin/
├── data.db # SQLite数据库
├── sync_daemon.py # 数据库管理
└── sync_all.py # 完整同步脚本
~/openclaw/skills/garmin-connect/
├── scripts/
│ ├── garmin_db_reader.py # 数据库读取(新增)
│ ├── garmin-auth.py # 认证
│ ├── garmin-sync.py # API获取(兼容)
│ └── ...
└── SKILL.md # 本文件
🆕 vs 旧版本
| 特性 | 旧版本 | 新版本 |
|---|---|---|
| 数据存储 | 无 | SQLite数据库 |
| 响应速度 | API调用(慢) | 数据库读取(快) |
| 同步触发 | cron(5分钟) | timer(1小时)+ 按需 |
| 数据完整性 | 基础指标 | 完整(含Body Battery等) |
| 消费者 | 仅skill | skill + 网页前端 |
🔗 相关项目
- 佳明健康仪表盘:
/home/roots/garmin-dashboard/ - 数据库:
~/.clawdbot/garmin/data.db
安全使用建议
Before installing or running this skill:
- Do NOT pass your Garmin password on the command line (the instructions and garmin-auth.py example use argv). Passing a password as an argument exposes it to other local users via process listings. Prefer an interactive prompt or an auth/token flow.
- garmin-auth.py stores your password base64-encoded in ~/.garth/session.json. Base64 is reversible — assume the saved credentials are effectively plaintext. If you must use this skill, plan to use an app-specific password or rotate credentials afterwards and restrict file permissions.
- The repo contains a hard-coded Feishu App Secret and App ID in scripts/daily_health_report_feishu.py. Treat this as suspicious: do not rely on those defaults; replace them with your own app credentials and remove the hard-coded secret. Consider rotating any keys that may have been exposed.
- SKILL.md claims a systemd timer is already configured but no unit/service files are present in the package. Verify any systemd units before enabling them; do not run sudo systemctl enable/start unless you understand what units will run.
- The skill writes a local SQLite DB (~/.clawdbot/garmin/data.db) containing health data. If you are concerned about privacy, review the DB schema (init_db.py) and limit access to that file (permissions) or run the skill in an isolated environment/container.
- If you want to proceed, audit the included scripts (especially garmin-auth.py, any code that transmits data, and the Feishu/webhook senders), remove hard-coded secrets, modify garmin-auth to prompt for passwords or use an OAuth token mechanism, and consider running the code in a sandboxed user account or container. If unsure, mark this skill as untrusted until the author addresses the credential handling and instruction inconsistencies.
功能分析
Type: OpenClaw Skill
Name: garmin-connect-skill
Version: 1.0.0
The skill bundle provides a functional Garmin Connect integration but exhibits several high-risk security vulnerabilities. Most notably, 'scripts/daily_health_report_feishu.py' contains a hardcoded Feishu App ID and App Secret (cli_a93b2fe33db85bce / sXYUTkNRSSBFxYTTS8UNfe7koyZwS8PB), and 'scripts/garmin-auth.py' stores user passwords in plaintext Base64 obfuscation within '~/.garth/session.json'. Additionally, 'scripts/garmin_quick_response.py' utilizes 'os.popen' for command execution, and 'scripts/sync_all.py' contains hardcoded absolute paths to a specific developer's local environment ('/Users/sq/...'). While these appear to be unintentional security flaws rather than deliberate malware, they pose a significant risk to credential confidentiality.
能力评估
Purpose & Capability
Name/description match the included code: scripts implement Garmin OAuth, sync to local SQLite (~/.clawdbot/garmin/data.db), and provide readers/reports. Included dependencies (garminconnect, requests) are plausible. However the skill also bundles Feishu (Lark) push integrations and a hard-coded App Secret inside scripts/daily_health_report_feishu.py — pushing to a third-party chat service is reasonable for notifications but the presence of a credential baked into code (and a 'garth' dependency) is unexpected and should be justified by the author.
Instruction Scope
SKILL.md and scripts instruct users to run 'python3 scripts/garmin-auth.py your-email password --cn' (passing password as a command-line argument), to 'cat ~/.garth/session.json', and claim a systemd timer is 'already configured' and enabled (sudo systemctl status garmin-sync.timer). The repo does not include systemd unit files in the manifest, so the 'already configured' claim is inconsistent. The instructions reference multiple different filesystem paths (~/: ~/openclaw/skills/..., ~/.clawdbot/garmin/, ~/.garth/), which is confusing and can cause misconfiguration. Reading/writing local session.json and data.db is expected for this skill, but the instructions encourage insecure practices (expose password on CLI and view session file content).
Install Mechanism
No install spec (instruction-only) and only a requirements.txt referencing public pip packages (garminconnect, requests, python-dateutil, garth). No downloads from arbitrary URLs or archive extraction. Risk from installation is limited to running pip install of listed packages (moderate).
Credentials
Registry metadata declares no required env vars, but the code handles and persists sensitive credentials: garmin-auth.py asks for email/password and saves a base64-encoded password into ~/.garth/session.json (weak/ reversible obfuscation). The Feishu setup file in scripts/daily_health_report_feishu.py contains a hard-coded default app_secret ('sXYUTkNRSSBFxYTTS8UNfe7koyZwS8PB') and default app_id value — embedding another service's secret in source is suspicious and may indicate accidental leakage of someone else's credentials or a backdoor. The skill reads/writes several user-home config paths (~/.garth/, ~/.clawdbot/, feishu config files, webhooks), which are proportionate to syncing and notifications but the storage and handling of secrets are insecure and not declared in metadata.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It creates and updates files in the user's home directory (~/.garth/session.json, ~/.clawdbot/garmin/data.db, various ~/.clawdbot/*.json). That behavior is expected for a local-sync skill, but SKILL.md's claim that a systemd timer is 'auto configured' is unsupported by the file manifest (no .service/.timer units included). Persisting credentials in home directory with weak protections and default hard-coded secrets increases risk if the machine is shared or compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install garmin-connect-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/garmin-connect-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Garmin Connect skill 1.0.0 – Major architecture and data upgrade
- Introduces unified SQLite database for all Garmin data, enabling much faster access.
- Supports 3 sync triggers: automatic (hourly), on-demand, and manual.
- Expands daily metrics schema from 26 to 58 fields, supporting Body Battery, HRV, VO2 Max, and more.
- Adds dedicated time-series tables (e.g., heart rate, body battery curves) and advanced workout metrics.
- Greatly improves data completeness and fixes key bugs (e.g., accurate Body Battery values).
- Compatible with both China (garmin.cn) and Global (garmin.com) accounts, supporting OpenClaw and web frontends.
元数据
常见问题
garmin-connect-skill 是什么?
Garmin Connect integration for OpenClaw: sync fitness data (steps, HR, calories, workouts, sleep) using OAuth. Supports China (garmin.cn) and Global (garmin.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 126 次。
如何安装 garmin-connect-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install garmin-connect-skill」即可一键安装,无需额外配置。
garmin-connect-skill 是免费的吗?
是的,garmin-connect-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
garmin-connect-skill 支持哪些平台?
garmin-connect-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 garmin-connect-skill?
由 tcyxk(@tcyxk)开发并维护,当前版本 v1.0.0。
推荐 Skills