ClawHub

ClawHealth Garmin

v0.1.8

Lightweight Garmin Connect skill that uses the clawhealth Python package to sync health data into local SQLite and expose JSON-friendly commands for OpenClaw.

0· 146·1 current·1 all-time
by@ernestyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Garmin → local SQLite, expose JSON commands) align with the required binaries (python) and env vars (Garmin username, password file, DB, config dir). Requiring network access is expected for Garmin logins and pip installs. One minor inconsistency: README claims runtime fetching from GitHub, but bootstrap_deps.py installs the published clawhealth package from PyPI into a local .venv (SKILL.md and bootstrap_deps.py reflect the latter).
Instruction Scope
SKILL.md and run_clawhealth.py describe only scoped actions: load a local .env, set skill-local defaults, resolve relative paths to the skill directory, and invoke the installed 'clawhealth' CLI. The code does not read arbitrary system files or transmit data to unknown endpoints; network use is limited to Garmin and Python package installation. The script delegates credential handling to the clawhealth CLI (which will read the password file), so review of the published clawhealth package is recommended.
Install Mechanism
There is no registry install spec, but the package includes bootstrap_deps.py which creates a .venv and runs pip install clawhealth>=0.1.1. Installing from PyPI into a local venv is a standard approach and expected here, but it requires network access to PyPI. No obscure URLs or archive extraction are used.
Credentials
Requested env vars (CLAWHEALTH_GARMIN_USERNAME, CLAWHEALTH_GARMIN_PASSWORD_FILE, CLAWHEALTH_DB, CLAWHEALTH_CONFIG_DIR) match the skill's purpose (authenticate to Garmin, locate DB and config). The README's recommendation to use a password file is appropriate. Minor metadata inconsistency: the registry summary listed 'Primary credential: none' while SKILL.md metadata names CLAWHEALTH_GARMIN_PASSWORD_FILE as primary; this is a documentation mismatch but not a functional risk.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It writes a .venv, config, and data files under the skill directory (expected behavior). It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: it will create a local .venv, install the published 'clawhealth' package from PyPI, and run the clawhealth CLI to sync Garmin data into a SQLite DB under the skill folder. Before installing, verify you trust the clawhealth package on PyPI / the linked GitHub repo, and prefer using a password file (CLAWHEALTH_GARMIN_PASSWORD_FILE) with restricted permissions. Run the skill in an isolated environment if you want to limit risk (e.g., a container), don't commit .env/password/db files to source control, and be aware the skill needs network access for Garmin and pip. Also note small doc inconsistencies (README mentions GitHub fetch) — if you need higher assurance, inspect the installed clawhealth package contents after bootstrap_deps.py runs or ask the author which upstream source will actually be used at runtime.

Like a lobster shell, security has layers — review code before you run it.

clivk97fhdhc3qevqykvbegy0cztb1833kp8garminvk97fhdhc3qevqykvbegy0cztb1833kp8healthvk97fhdhc3qevqykvbegy0cztb1833kp8latestvk9706b0hkbn95rm10b3ckk17mh84er5wsqlitevk97fhdhc3qevqykvbegy0cztb1833kp8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
Any binpython
EnvCLAWHEALTH_GARMIN_USERNAME, CLAWHEALTH_GARMIN_PASSWORD_FILE, CLAWHEALTH_DB, CLAWHEALTH_CONFIG_DIR

Comments