ClawHub

Garmin Connect

Garmin Connect integration for Clawdbot: sync fitness data (steps, HR, calories, workouts, sleep) every 5 minutes using OAuth.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 1.9k · 5 current installs · 5 all-time installs
by@Rayleigh3105
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement Garmin data sync using a local OAuth session and cache files ( ~/.garth/session.json and ~/.clawdbot/.garmin-cache.json ), which is coherent with the stated purpose. However the package imports 'garth' (an OAuth helper) but requirements.txt does not list it; some scripts reference 'garminconnect' and 'garth-cli' in different places. The presence of username/password-based auth and guidance to disable 2FA contradict the declared 'OAuth-based (secure, no password storage)' claim.
!
Instruction Scope
Instructions include running garmin-auth.py with an email and plaintext password on the command line (exposes credentials via shell history) and suggest disabling 2FA — both are insecure and inconsistent with an OAuth-first design. Several scripts contain hard-coded example paths (/home/mamotec/.garth/session.json) and example email addresses, indicating leftover developer artifacts. The instructions also tell you to save the OAuth session locally (expected) and to add a cron job (expected).
!
Install Mechanism
No install spec (instruction-only) — lower risk overall — but requirements.txt omits the 'garth' dependency used extensively in the code and README suggests installing 'garth' or 'garth-cli' separately. This mismatch can cause confusing manual steps and leaves dependency provenance unclear; user must pip-install additional packages by hand.
Credentials
The skill declares no required environment variables (correct), and stores tokens locally under the user's home directory (reasonable). However the instructions request direct credentials via CLI and recommend disabling 2FA, which is disproportionate and unsafe relative to the purported OAuth approach. The session file (~/.garth/session.json) contains the token and should be protected.
Persistence & Privilege
The skill does not request elevated privileges or auto-install itself. It writes cache/session files under the user's home directory and requires the user to add a cron entry manually — expected for a sync tool. always:false and normal autonomy settings are appropriate.
What to consider before installing
This skill appears to do what it says (sync Garmin data), but there are several red flags you should consider before installing: - Do NOT run the auth script with your password on the command line if you can avoid it (they show python3 scripts/garmin-auth.py <email> <password>) — that exposes credentials in shell history and process lists. Prefer a browser-based OAuth flow (garth-cli) if available. - The SKILL.md claims 'OAuth-based (secure, no password storage)' but other parts instruct using username/password and even recommend disabling 2FA — never disable 2FA for convenience. This contradiction is a security concern. - requirements.txt is incomplete (the code imports 'garth' but it's not listed). Verify and install dependencies explicitly, and inspect the 'garth' and 'garminconnect' packages before trusting them. - The code contains developer hard-coded paths and sample emails (e.g., /home/mamotec, moritz.vogt@vogges.de). Review and edit scripts to use Path.home() and your own account details before running. - The session file (~/.garth/session.json) and the cache (~/.clawdbot/.garmin-cache.json) store tokens/data locally; ensure those files have proper filesystem permissions and are kept private. If you want to proceed safely: review the garth package source (or use an officially supported Garmin OAuth flow), avoid passing passwords on command lines, restore 2FA on your account, and run the code in an isolated environment (VM or container) until you're comfortable. If you need, ask the author to remove hard-coded paths and provide a documented, browser-based OAuth installer that does not recommend disabling 2FA.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97fhbaz3dg55j9a4e0jmqxa09801nam

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Garmin Connect Skill

Sync all your Garmin fitness data to Clawdbot:

  • 🚶 Daily Activity: Steps, heart rate, calories, active minutes, distance
  • 😴 Sleep: Duration, quality, deep/REM/light sleep breakdown
  • 🏋️ Workouts: Recent activities with distance, duration, calories, heart rate
  • ⏱️ Real-time sync: Every 5 minutes via cron

Quick Start

1. Install Dependencies

pip install -r requirements.txt

2. OAuth Authentication (One-time)

python3 scripts/garmin-auth.py your-email@gmail.com your-password

This saves your OAuth session to ~/.garth/session.json — fully local and secure.

3. Test Sync

python3 scripts/garmin-sync.py

You should see JSON output with today's stats.

4. Set Up 5-Minute Cron

Add to your crontab:

*/5 * * * * /home/user/garmin-connect-clawdbot/scripts/garmin-cron.sh

Or manually:

*/5 * * * * python3 /home/user/garmin-connect-clawdbot/scripts/garmin-sync.py ~/.clawdbot/.garmin-cache.json

5. Use in Clawdbot

Import and use in your scripts:

from scripts.garmin_formatter import format_all, get_as_dict

# Get all formatted data
print(format_all())

# Or get raw dict
data = get_as_dict()
print(f"Steps today: {data['summary']['steps']}")

Features

✅ OAuth-based (secure, no password storage) ✅ All metrics: activity, sleep, workouts ✅ Local caching (fast access) ✅ Cron-friendly (5-minute intervals) ✅ Easy Clawdbot integration ✅ Multi-user support

Data Captured

Daily Activity (summary)

  • steps: Daily step count
  • heart_rate_resting: Resting heart rate (bpm)
  • calories: Total calories burned
  • active_minutes: Intensity minutes
  • distance_km: Distance traveled

Sleep (sleep)

  • duration_hours: Total sleep time
  • duration_minutes: Sleep in minutes
  • quality_percent: Sleep quality score (0-100)
  • deep_sleep_hours: Deep sleep duration
  • rem_sleep_hours: REM sleep duration
  • light_sleep_hours: Light sleep duration
  • awake_minutes: Time awake during sleep

Workouts (workouts)

For each recent workout:

  • type: Activity type (Running, Cycling, etc.)
  • name: Activity name
  • distance_km: Distance traveled
  • duration_minutes: Duration of activity
  • calories: Calories burned
  • heart_rate_avg: Average heart rate
  • heart_rate_max: Max heart rate

Cache Location

By default, data is cached at: ~/.clawdbot/.garmin-cache.json

Customize with:

python3 scripts/garmin-sync.py /custom/path/cache.json

Files

FilePurpose
garmin-auth.pyOAuth setup (run once)
garmin-sync.pyMain sync logic (run every 5 min)
garmin-formatter.pyFormat data for display
garmin-cron.shCron wrapper script
requirements.txtPython dependencies

Troubleshooting

OAuth authentication fails

  • Check email/password
  • Disable 2FA on Garmin account (or use app password)
  • Garmin servers might be rate-limiting — wait 5 minutes

No data appears

  1. Sync your Garmin device with the Garmin Connect app
  2. Wait 2-3 minutes for data to sync
  3. Check that data appears in Garmin Connect web/app
  4. Then run garmin-sync.py again

Permission denied on cron

chmod +x scripts/garmin-cron.sh
chmod +x scripts/garmin-sync.py
chmod +x scripts/garmin-auth.py

Cache file not found

Run garmin-sync.py at least once to create cache:

python3 scripts/garmin-sync.py

Usage Examples

from scripts.garmin_formatter import format_all, get_as_dict

# Get formatted output
print(format_all())

# Get raw data
data = get_as_dict()
if data:
    print(f"Sleep: {data['sleep']['duration_hours']}h")
    print(f"Steps: {data['summary']['steps']:,}")

License

MIT — Use, fork, modify freely.

Made for Clawdbot | Available on ClawdHub

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…