Skill v1.0.0
ClawScan security
Fitbit Insights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:29 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's purpose (Fitbit data analysis) is reasonable, but the package and metadata are internally inconsistent: it instructs use of local credential files and scripts that are not declared in the registry metadata and are not present in the file manifest, and it asks for/uses sensitive OAuth secrets without declaring them.
- Guidance: Do not install yet. Ask the author/maintainer to: (1) provide the missing runtime scripts (fitbit_api.py, refresh_token.py, scripts/) or explain where they come from; (2) update the registry metadata to declare required env vars and config path (FITBIT_ACCESS_TOKEN, client_id, client_secret, refresh_token and the config file path); (3) show the actual code so you or a reviewer can confirm there is no hidden network endpoint or exfiltration logic and that token refresh is implemented safely. If you proceed, run in a sandbox, inspect the included scripts for unexpected network requests or uploads, store client_secret/refresh_token securely (prefer least-privilege storage, strict file permissions or environment variables), and verify tokens are not transmitted to any endpoint other than api.fitbit.com. If the package lacks the scripts it documents, treat it as mispackaged and avoid installing until corrected.
Review Dimensions
- Purpose & Capability (concern): The stated purpose (fetch Fitbit data and analyze it) legitimately requires OAuth tokens and client credentials. However, the registry metadata declares no required environment variables or config paths, while the SKILL.md and SETUP guide clearly require a local config file (/root/clawd/fitbit-config.json) and OAuth credentials. That mismatch between what the skill needs and what it declares is an incoherence that should be resolved.
- Instruction Scope (concern): Runtime instructions tell the agent to load tokens from /root/clawd/fitbit-config.json, auto-refresh tokens, and run scripts (python3 scripts/fitbit_api.py and scripts/refresh_token.py). Those actions are within the expected scope for a Fitbit integrator, but SKILL.md references file paths and scripts that are not declared in metadata and are missing from the provided file manifest. The instructions also allow overriding via the FITBIT_ACCESS_TOKEN env var even though no env vars are declared — another inconsistency.
- Install Mechanism (concern): There is no install spec (instruction-only), which reduces install-time risk. However, the documentation and runtime instructions reference code files (fitbit_api.py, refresh_token.py, scripts/) that are not present in the package manifest. That suggests the package is mispackaged or relies on external files/install steps not documented in the registry metadata — this makes it unclear what will actually run after installation.
- Credentials (concern): The skill requires sensitive items (client_id, client_secret, access_token, refresh_token) according to SETUP.md and SKILL.md, but none are declared in the registry metadata. Storing refresh_token and client_secret in a readable file under /root/clawd is sensitive. Requesting these credentials is proportionate to the claimed purpose, but failing to declare them and instructing a specific filesystem location without noting permissions is a security concern.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated platform privileges. It does expect to read a local credential file and to run periodic refresh logic (every 8 hours). That behavior is reasonable for an OAuth-based integration, but combined with the other inconsistencies (missing scripts, undeclared credentials) it increases the risk surface.
