ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Amazfit Health Log

v1.0.1

Fetches Amazfit GTR3 health data from HCGateway and writes a daily Obsidian log note. Use when user says "health log", "GTR3 data", "write health data", "fet...

1· 71·0 current·0 all-time
bySanweb@sanwebgit

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sanwebgit/amazfit-health-log.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Amazfit Health Log" (sanwebgit/amazfit-health-log) from ClawHub.
Skill page: https://clawhub.ai/sanwebgit/amazfit-health-log
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install amazfit-health-log

ClawHub CLI

Package manager switcher

npx clawhub@latest install amazfit-health-log
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Amazfit → HCGateway → Obsidian note) matches the included files. The script authenticates to a configured base_url and calls /api/v2/fetch/* endpoints, then writes a markdown file into the user's vault. Requested config fields (base_url, username, password, vault_path, log_dir) are exactly what this functionality needs.
Instruction Scope
SKILL.md instructions stay within the stated purpose (verify Docker containers, run the Python script, optionally enable a cron). Two points to notice: (1) the troubleshooting steps advise running 'sudo docker compose -f /home/docker/hcgateway/docker-compose.yml up -d' — a specific absolute path and use of sudo that may not match a user's install and implies privileged system actions; (2) cron and example paths in the docs use different home paths (/home/openclaw vs ~/.openclaw), which are user-specific and may need adjustment. Otherwise the runtime steps only read the skill's config, call the local HCGateway, and write files to the configured vault.
Install Mechanism
No install spec; this is instruction + a single Python script using standard-library modules (urllib, zoneinfo). Nothing is downloaded from external URLs and no archives are extracted, so install risk is low.
Credentials
The skill requests credentials via a config.json (base_url, username, password). That is proportionate to authenticating to HCGateway. Be aware the credentials are intended to be stored in plaintext in skills/.../config.json per the docs; this is expected for a local utility but has confidentiality implications. There are no other unrelated environment variables or secrets requested.
Persistence & Privilege
The skill is not force-installed (always:false) and does not modify other skills or global agent settings. It can be invoked autonomously (disable-model-invocation:false) which is the platform default; that alone is not a red flag given the skill's limited scope and local-only network usage.
Assessment
This skill appears to do exactly what it says: authenticate to a HCGateway instance, gather Amazfit metrics, and write a daily Markdown note into your Obsidian vault. Before installing or enabling it, consider the following: - Config/credentials: You must provide base_url, username and password in skills/amazfit-health-log/config.json. Those credentials are stored as plaintext in that file by design — if you are concerned about storing secrets on disk, put the file on an encrypted partition or use a secrets manager and adjust the script. - Verify base_url: Ensure the configured base_url points to a trusted local HCGateway (e.g., http://127.0.0.1:6644). If you change base_url to a remote host, the script will send your HCGateway credentials to that remote host — review that risk carefully. - File writes: The script will create the configured vault/log directory and write daily .md files. Confirm the vault_path/log_dir are correct to avoid overwriting or creating files in an unexpected location. - Privileged actions in docs: The troubleshooting steps suggest running sudo docker compose with an absolute path (/home/docker/hcgateway/docker-compose.yml). That command is related to starting a local HCGateway container but is system-level and user-specific — do not run such commands unless you understand them and the paths match your system. - Paths in docs: The README examples use different home paths (~/ vs /home/openclaw). Update cron and paths to match your environment before enabling automated runs. - Audit and run locally: If you want extra assurance, inspect scripts/fetch-health.py (already included) and run it manually the first time to confirm behavior. Running it in a user account with limited permissions is a good precaution. If you accept these tradeoffs (local HCGateway usage, plaintext local config), the skill is coherent and suitable for the described task.

Like a lobster shell, security has layers — review code before you run it.

latestvk974rgb9gmhjcw3asc0s6h4sq184a3r6
71downloads
1stars
2versions
Updated 3w ago
v1.0.1
MIT-0
Sanweb@sanwebgit
latest
Download

Amazfit GTR3 Health Log Skill

Automatically fetches Amazfit GTR3 health data from HCGateway and writes a structured daily Obsidian note.

When Triggered

  • User says: "health log", "fetch GTR3 data", "write health data", "health log for yesterday/today/[date]"
  • Daily cron job runs at 06:00 (configurable)

Prerequisites

  • HCGateway is running at http://127.0.0.1:6644
  • Docker containers hcgateway_api + hcgateway_db are active
  • HCGateway Android app has completed at least one sync (auto-syncs every 2h)
  • Credentials stored in skills/amazfit-health-log/config.json

Execution

Step 1: Verify container status

docker ps --filter "name=hcgateway" --format "{{.Names}}: {{.Status}}"

If containers are not running:

sudo docker compose -f /home/docker/hcgateway/docker-compose.yml up -d

Step 2: Run the Python script

For yesterday (default):

python3 ~/.openclaw/workspace/skills/amazfit-health-log/scripts/fetch-health.py

For a specific date:

python3 ~/.openclaw/workspace/skills/amazfit-health-log/scripts/fetch-health.py 2026-04-06

Step 3: Confirm output

The script prints a summary and writes the note to:

<VAULT_ROOT>/30 Bereiche/Gesundheit/Logs/GTR3/YYYY-MM-DD.md

Output Format (Note)

The generated note contains:

  • Frontmatter: date, weekday, tags, source, created timestamp
  • Summary table: steps, distance, sleep duration, resting HR, SpO2
  • Sleep section: period, duration, stage breakdown table (Deep / REM / Light / Awake)
  • Heart rate section: avg, min, max, resting HR
  • SpO2 section: daily average
  • Navigation links to previous and next day

Sleep Stage Decoding

CodeStage
1Awake
4Light
5Deep
6REM

Troubleshooting

No data for date:

  • Check that Zepp App → Health Connect sync is enabled
  • Open the HCGateway Android app and trigger a manual sync
  • Data is only available for the last 30 days

Containers unreachable:

sudo docker compose -f /home/docker/hcgateway/docker-compose.yml logs --tail=20

Changing credentials:

  • Edit skills/amazfit-health-log/config.json
  • Password changes invalidate all existing tokens (re-login required)

Cron Configuration (daily at 06:00)

For automatic daily execution:

0 6 * * * python3 /home/openclaw/.openclaw/workspace/skills/amazfit-health-log/scripts/fetch-health.py

Data Sources

TypeHCGateway EndpointSource
Steps/fetch/stepscom.huami.watch.hmwatchmanager
Sleep/fetch/sleepSessioncom.huami.watch.hmwatchmanager
Heart Rate/fetch/heartRatecom.huami.watch.hmwatchmanager
Resting HR/fetch/restingHeartRatecom.huami.watch.hmwatchmanager
SpO2/fetch/oxygenSaturationcom.huami.watch.hmwatchmanager
Distance/fetch/distancecom.huami.watch.hmwatchmanager

Comments

Loading comments...