Fitbit MCP
Advisory
Audited by static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the MCP server can execute code from npm on the user's machine and handle the Fitbit OAuth flow.
The setup is user-directed but downloads/runs an external npm package, and the artifact set contains no package code or lockfile for review.
- `npx -y fitbit-mcp-unofficial setup`
- `npx -y fitbit-mcp-unofficial auth`
Verify the npm package and linked repository before running setup, and pin a known-good version if the MCP client supports it.
The connected MCP server and agent may be able to access Fitbit account data within the granted OAuth scopes.
The skill clearly expects Fitbit OAuth tokens and warns not to expose them, which is purpose-aligned but sensitive.
Fitbit OAuth tokens stay under ~/.fitbit-mcp/ by default. ... Do not print OAuth tokens, API keys, service-account JSON, local token files, or private user data.
Review requested OAuth scopes, keep tokens private, and revoke the Fitbit authorization when the connector is no longer needed.
Sensitive Fitbit data could be shown in chat, copied into logs, or reused in later agent context if the client stores conversations.
The following agent surfaces expose private health and wellness data that may enter the agent's working context or outputs:
- activity
- sleep
- heart rate
- HRV
- SpO2
- weight
- nutrition
Only ask for the specific Fitbit data needed, avoid sharing outputs publicly, and disable memory/logging for sensitive health queries where possible.
An agent could make live Fitbit provider calls or change user data if those MCP tools are enabled and invoked.
The instructions imply the MCP integration may support live provider calls or writes, though the skill also recommends safer status, audit, and dry-run steps first.
Prefer `connection_status`, `manifest`, `doctor`, `privacy_audit`, or dry-run surfaces before any write or live provider call.
Require explicit user confirmation before any write action or live provider operation, and use dry-run or audit tools first.
