Fitbit MCP
Review
Audited by ClawScan on May 6, 2026.
Overview
This looks like a legitimate Fitbit MCP setup guide, but it requires running an external npm package and giving an agent access to sensitive Fitbit health data.
Before installing, confirm that you trust the linked Fitbit MCP package and repository, understand the Fitbit OAuth scopes being granted, and are comfortable allowing your agent to read sensitive health data. Use the manifest, connection status, privacy audit, and dry-run paths first, and require explicit approval before any write or live provider operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the MCP server can execute code from npm on the user's machine and handle the Fitbit OAuth flow.
The setup is user-directed but downloads/runs an external npm package, and the artifact set contains no package code or lockfile for review.
- `npx -y fitbit-mcp-unofficial setup`
- `npx -y fitbit-mcp-unofficial auth`
Verify the npm package and linked repository before running setup, and pin a known-good version if the MCP client supports it.
The connected MCP server and agent may be able to access Fitbit account data within the granted OAuth scopes.
The skill clearly expects Fitbit OAuth tokens and warns not to expose them, which is purpose-aligned but sensitive.
Fitbit OAuth tokens stay under ~/.fitbit-mcp/ by default. ... Do not print OAuth tokens, API keys, service-account JSON, local token files, or private user data.
Review requested OAuth scopes, keep tokens private, and revoke the Fitbit authorization when the connector is no longer needed.
Sensitive Fitbit data could be shown in chat, copied into logs, or reused in later agent context if the client stores conversations.
These data surfaces expose private health and wellness data that may enter the agent's working context or outputs.
- activity
- sleep
- heart rate
- HRV
- SpO2
- weight
- nutrition
Only ask for the specific Fitbit data needed, avoid sharing outputs publicly, and disable memory/logging for sensitive health queries where possible.
An agent could make live Fitbit provider calls or change user data if those MCP tools are enabled and invoked.
The instructions imply the MCP integration may support live provider calls or writes, though the skill also recommends safer status, audit, and dry-run steps first.
Prefer connection_status, manifest, doctor, privacy_audit, or dry-run surfaces before any write or live provider call.
Require explicit user confirmation before any write action or live provider operation, and use dry-run or audit tools first.
