← Back to Skills Marketplace
1803
Downloads
4
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install fitbit-health
Description
Query Fitbit health data (activity, sleep, heart rate, weight) via CLI. Use when answering health/fitness questions that require Fitbit data, or when the user asks about their steps, sleep, heart rate, or weight from Fitbit.
README (SKILL.md)
Fitbit CLI
Retrieve health and fitness data from Fitbit's Web API.
Setup
- Register an app at https://dev.fitbit.com/apps
- OAuth 2.0 Application Type: Personal
- Callback URL:
http://localhost:18787/callback
- Run
fitbit configureand enter your Client ID - Run
fitbit loginto authorize
Quick Reference
# Setup & auth
fitbit configure # Set client ID (first time)
fitbit login # Authorize via browser
fitbit logout # Sign out
fitbit status # Check auth status
# Data
fitbit profile # User profile info
fitbit activity [date] # Daily activity summary
fitbit activity steps [date] # Just steps
fitbit summary [date] # Full daily summary
fitbit today # Today's summary (shortcut)
Options
All commands support:
--json— JSON output--no-color— Plain text output--verbose— Debug/HTTP details--tz \x3Czone>— Override timezone (e.g.,America/Chicago)
Examples
# Get today's step count
fitbit activity steps
# Get yesterday's full summary as JSON
fitbit summary 2026-01-25 --json
# Check if authenticated
fitbit status
Notes
- Dates default to today if omitted
- Date format:
YYYY-MM-DDortoday - Tokens are stored in
~/.config/fitbit-cli/tokens.json(chmod 600) - Token refresh is automatic
Usage Guidance
This skill appears to do what it says: it performs OAuth (PKCE) with Fitbit, stores tokens locally (~/.config/fitbit-cli/tokens.json, chmod 600), and only calls Fitbit endpoints. Before installing, confirm you obtain the 'fitbit' CLI from a trusted source (the repository/package listed), supply your own Fitbit Client ID via dev.fitbit.com, and review the token/config files if you want to audit stored credentials. If you later want to revoke access, run the CLI's logout or revoke the app from your Fitbit account. If you prefer not to allow autonomous agent invocation, ensure your agent's policy restricts or prompts before calling external skills.
Capability Analysis
Type: OpenClaw Skill
Name: fitbit-health
Version: 0.1.1
The OpenClaw AgentSkills skill bundle for Fitbit is benign. The code and documentation clearly align with its stated purpose of querying Fitbit health data via a CLI. It implements a standard OAuth 2.0 PKCE flow, storing tokens securely in `~/.config/fitbit-cli/tokens.json` with `0o600` permissions, and all network communication is directed to legitimate Fitbit API endpoints. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent in `SKILL.md` or `README.md`. Dependencies listed in `package.json` are standard and widely used for CLI development.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and code all align: the skill is a CLI for Fitbit data and explicitly requires a 'fitbit' binary. No unrelated services, env vars, or binaries are requested.
Instruction Scope
Runtime instructions are limited to registering a Fitbit app, running the CLI's configure/login commands, and reading/writing config and token files under ~/.config/fitbit-cli. The code only contacts Fitbit endpoints (api.fitbit.com and www.fitbit.com) and uses a local 127.0.0.1 callback for OAuth.
Install Mechanism
There is no provided install spec in the registry (instruction-only). The included package.json shows normal npm build/dev tooling and standard dependencies; no downloads from arbitrary URLs or extract/install behavior are present.
Credentials
The skill does not request environment variables or external credentials. It uses a user-provided Fitbit Client ID (configured via the CLI) and OAuth tokens stored in the user's home directory—appropriate and proportional for the stated functionality.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It stores tokens and config under ~/.config/fitbit-cli with file permissions set to 0600 and runs a local callback server bound to 127.0.0.1; these are standard for an OAuth CLI and do not indicate excessive privilege.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install fitbit-health - After installation, invoke the skill by name or use
/fitbit-health - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Initial release: OAuth PKCE auth, activity/profile/summary commands
Metadata
Frequently Asked Questions
What is Fitbit Health Skill?
Query Fitbit health data (activity, sleep, heart rate, weight) via CLI. Use when answering health/fitness questions that require Fitbit data, or when the user asks about their steps, sleep, heart rate, or weight from Fitbit. It is an AI Agent Skill for Claude Code / OpenClaw, with 1803 downloads so far.
How do I install Fitbit Health Skill?
Run "/install fitbit-health" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Fitbit Health Skill free?
Yes, Fitbit Health Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Fitbit Health Skill support?
Fitbit Health Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Fitbit Health Skill?
It is built and maintained by pb3975 (@pb3975); the current version is v0.1.1.
More Skills