Withings Family
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for reading Withings family health data, but it handles sensitive OAuth tokens and health metrics that users should protect carefully.
Before installing, confirm you are comfortable giving this skill read access to each authenticated family member’s Withings health data. Protect the local token files, revoke access when no longer needed, and use explicit limits or date ranges when asking for historical body-composition data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad body-history request could expose more sensitive health history in the tool output than the user expected.
The body-composition retrieval path is read-only and on-purpose, but the function-level default is to output all returned body-composition records unless a caller supplies a limit.
def get_body(user_id='default', limit=None):
    ...
    # Apply limit if specified (default None = all)
    ...
    print(json.dumps(measures, indent=2))
Use explicit limits or date ranges for body-composition requests, and consider changing the default behavior to a small recent window.
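One way to implement the recommended "small recent window" default, written as an added example rather than the skill's own code: the selection helper, its defaults and the sample records below are all constructed here, and only an explicit limit or date range from the caller widens the output beyond the default window.

```python
from datetime import datetime, timedelta, timezone

# Defaults applied when the caller gives neither a limit nor a date range.
DEFAULT_WINDOW_DAYS = 30
DEFAULT_LIMIT = 10

# Constructed sample records in a Withings-like shape (epoch seconds, kg).
# Not real user data; the fixed NOW keeps the example deterministic.
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
SAMPLE_MEASURES = [
    {"date": int((NOW - timedelta(days=d)).timestamp()), "weight_kg": w}
    for d, w in [(1, 71.2), (6, 71.5), (20, 72.0), (45, 72.8), (120, 74.1), (400, 76.0)]
]


def select_body_measures(measures, limit=None, since=None, until=None, now=None):
    """Return body-composition records newest first, bounded by default.

    If the caller supplies neither `since` nor `limit`, only the last
    DEFAULT_WINDOW_DAYS days are returned, capped at DEFAULT_LIMIT records.
    An explicit `since`/`until` (aware datetimes) or `limit` is honoured as
    given, so full history is available only when asked for deliberately.
    """
    now = now or datetime.now(timezone.utc)
    if since is None and limit is None:
        since = now - timedelta(days=DEFAULT_WINDOW_DAYS)
        limit = DEFAULT_LIMIT

    selected = []
    for rec in sorted(measures, key=lambda r: r["date"], reverse=True):
        ts = datetime.fromtimestamp(rec["date"], tz=timezone.utc)
        if since is not None and ts < since:
            continue
        if until is not None and ts > until:
            continue
        selected.append(rec)
        if limit is not None and len(selected) >= limit:
            break
    return selected


if __name__ == "__main__":
    # Default call: only the three records from the last 30 days are returned.
    for rec in select_body_measures(SAMPLE_MEASURES, now=NOW):
        print(rec)
```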
Anyone who gains access to those token files or the configured Withings credentials may be able to read the associated health data until access is revoked.
The skill intentionally stores reusable OAuth tokens for multiple family members so it can continue reading their Withings data.
Each family member authenticates once via OAuth. Their tokens are stored separately and refreshed automatically.
Authenticate only intended family members, keep the skill directory private, and revoke Withings app access or delete token files when access is no longer needed.
During setup, the local callback flow handles an authorization code for a health-data account; the included state check reduces but does not eliminate the need for careful use.
The OAuth helper temporarily receives the provider callback on localhost and validates the OAuth state before exchanging the code.
code, got_state, err = run_callback_server("localhost", args.port, args.timeout)
...
if got_state != state:
    ...
    Aborting.
Run the OAuth helper only when deliberately authenticating, keep the callback bound to localhost, and stop the helper if the login does not complete.
