Withings Family
Author: Oliver Drobnik · v1.1.2
Total downloads: 2171
Favorites: 1
Current installs: 2
Versions: 8
Install in OpenClaw
/install withings-family
Description
Fetches health data from the Withings API for multiple family members including weight, body composition (fat, muscle, bone, water), activity, and sleep. Use...
Security usage recommendations
This skill appears to do exactly what it says: it needs your Withings developer Client ID/Secret and will store per-user OAuth tokens in ~/.openclaw/withings-family (legacy ~/.moltbot/withings-family). Before installing, consider: (1) only provide WITHINGS_CLIENT_ID/WITHINGS_CLIENT_SECRET if you trust the skill/source; (2) the scripts start a local callback server (localhost:18081) during OAuth — ensure that port is available and run the flow only on a trusted machine; (3) token files are written to your home directory and the code attempts to chmod them to 0600 — verify those files and revoke tokens in your Withings account if you stop using the skill; (4) the SKILL.md contains a minor doc mismatch (the oauth helper docstring mentions port 8080 but the script and README use 18081), which is non-malicious but worth noting; (5) because code is included in cleartext, you can and should review it yourself if you have concerns. Overall the requirements and behavior are proportionate to the skill's purpose.
Functional analysis
Type: OpenClaw Skill
Name: withings-family
Version: 1.1.2
The OpenClaw Withings Family skill is benign. It securely handles OAuth authentication with Withings API, including robust user ID sanitization to prevent path traversal for token files, secure file permissions (0o600) for sensitive tokens, and CSRF protection using a 'state' parameter during the OAuth flow. All network communication is directed to legitimate Withings API endpoints, and there is no evidence of data exfiltration to unauthorized destinations, malicious command execution, persistence mechanisms, or prompt injection attempts in the SKILL.md documentation. The code's functionality is entirely aligned with its stated purpose of fetching health data.
Capability assessment
Purpose & Capability
Name/description ask for Withings data and the package only requires python3 plus WITHINGS_CLIENT_ID/WITHINGS_CLIENT_SECRET. The scripts perform OAuth and call Withings endpoints (account.withings.com and wbsapi.withings.net), which is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs running the included Python scripts and describes OAuth flows and token storage. The runtime instructions and the scripts' operations are narrowly scoped to authenticating and fetching Withings measurements; they only reference files under ~/.openclaw/withings-family (legacy ~/.moltbot/) and the declared env vars. No instructions ask the agent to read unrelated system files or transmit data to unknown endpoints.
Install Mechanism
No install spec — the skill is instruction + included scripts. Nothing is downloaded at install time and no external packages or arbitrary URLs are used. Risk from installation is low because code ships with the skill and no extraction from untrusted URLs occurs.
Credentials
Only two env vars are required: WITHINGS_CLIENT_ID and WITHINGS_CLIENT_SECRET. Those are the expected credentials for calling the Withings API. The scripts also optionally read a config.json from the skill directory under the user's home; this is proportional to storing credentials/config for the skill. No unrelated secrets or system credentials are requested.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills or global agent config, and only persists per-user token files under the user's home directory. It attempts to set restrictive permissions (0600) on token files. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges here.
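How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install withings-family
- Once installation completes, invoke the Skill by name or trigger it with /withings-family
- Provide the required inputs according to the Skill's parameter description to get structured output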
Version history
v1.1.2
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
v1.1.1
Rename .clawdhubignore to .clawhubignore
v1.1.0
Refactor: move setup/prerequisites to SETUP.md, keep SKILL.md lean
v1.0.4
Replace .env loading with config.json fallback for client creds
v1.0.3
Security: sanitize user_id used in token file paths to prevent path traversal; tighten token file permissions.
v1.0.2
Prefer ~/.openclaw state dir (fallback to legacy ~/.moltbot).
v1.0.1
Doc fix: SKILL.md now references scripts/ paths only.
v1.0.0
Initial release (scripts live in skill/scripts).
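FAQ
What is Withings Family?
Fetches health data from the Withings API for multiple family members including weight, body composition (fat, muscle, bone, water), activity, and sleep. Use... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2171 total downloads to date.
How do I install Withings Family?
Run the command "/install withings-family" in the OpenClaw or Claude Code chat box for one-click installation, with no additional configuration required.
Is Withings Family free?
Yes, Withings Family is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Withings Family support?
Withings Family runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Withings Family?
Developed and maintained by Oliver Drobnik (@odrobnik); the current version is v1.1.2.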