Strava Api

v1.0.1

Official Strava OAuth integration for OpenClaw. Use to connect/authorize Strava, store+refresh tokens, and fetch workout/activity data (runs/rides/etc.) for...

by Steve Wang @swang62

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for swang62/strava-api.

Install the skill "Strava Api" (swang62/strava-api) from ClawHub.
Skill page: https://clawhub.ai/swang62/strava-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install strava-api

ClawHub CLI

npx clawhub@latest install strava-api
Security Scan
Capability signals
Requires OAuth token; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Strava OAuth + fetch activities) align with the included Python scripts which implement OAuth login, token refresh, and activity fetching. One inconsistency: registry metadata listed no required env vars, but SKILL.md and the scripts clearly require STRAVA_CLIENT_ID, STRAVA_CLIENT_SECRET, and STRAVA_REDIRECT_URI.
Instruction Scope
SKILL.md instructs running the included scripts to perform OAuth or loopback login and to fetch activities into a JSON file. The instructions only reference Strava endpoints, the declared env vars, and an on-disk token file. The scripts may open a local loopback HTTP listener (only when loopback mode is used) and will read/write the token JSON — both are expected for OAuth flows.
Install Mechanism
No install spec / no remote downloads. This is an instruction-only skill delivered with source files (two Python scripts). No external packages or installers are pulled in by the skill itself.
Credentials
The skill requires Strava-specific secrets (client id, client secret, redirect URI) and optionally a token path and timezone — these are proportionate to performing OAuth and API calls. The code only reads/writes the declared token file path and does not request unrelated credentials. Note that STRAVA_CLIENT_SECRET is sensitive; providing it is necessary for this skill to function.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide settings. It persists tokens to a user-scoped config path (~/.config/openclaw/strava/token.json by default) and attempts to set secure file permissions (0600). Loopback mode binds only to localhost as expected.
Assessment
The code appears to do exactly what it says: perform Strava OAuth, store/refresh tokens, and fetch activities. Before installing:

  1) Verify the skill source/owner (homepage is missing and owner ID is unknown).
  2) Be prepared to provide STRAVA_CLIENT_ID, STRAVA_CLIENT_SECRET, and STRAVA_REDIRECT_URI — these are sensitive credentials used for OAuth.
  3) Note the default token file (~/.config/openclaw/strava/token.json) will be created/overwritten; review or change STRAVA_TOKEN_PATH if you want it elsewhere.
  4) If using loopback mode, the script will run a local HTTP listener on the specified port (only binds to 127.0.0.1/localhost).
  5) As a precaution, inspect the included scripts locally and consider running them in a constrained environment (container or dedicated account) if you're unsure about the unknown publisher despite the code looking consistent with Strava's OAuth flow.

Also be aware of the metadata discrepancy: registry metadata omitted required env vars even though SKILL.md and the scripts require them.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ajzwwb21cmmqrayx70m5m75855yh0
103 downloads
0 stars
2 versions
Updated 1w ago
v1.0.1
MIT-0

Strava (Official API)

Keep this skill source-only: connect to Strava, fetch activities, normalize output. Delivery is channel-agnostic.

Configuration

Required env vars:

  • STRAVA_CLIENT_ID
  • STRAVA_CLIENT_SECRET
  • STRAVA_REDIRECT_URI

Optional:

  • STRAVA_TOKEN_PATH (default: ~/.config/openclaw/strava/token.json)
  • STRAVA_TZ (default: Asia/Shanghai)

Connect (OAuth)

Choose one mode:

  • Phone/remote mode (recommended):
python3 scripts/strava_oauth_login.py
  • Desktop loopback mode (optional): if you are authorizing in a browser on the same machine that runs OpenClaw and your STRAVA_REDIRECT_URI is a loopback URL (e.g. http://127.0.0.1:58539/callback):
python3 scripts/strava_oauth_login.py --loopback
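
The pre-install checks this page calls for (required variables set, loopback redirect really local, token file private to its owner) can be scripted. This is an added example, not part of the skill or its scripts; the function names are hypothetical, while the variable names and default token path are the ones listed above.

```python
# Added example: helper names are hypothetical; env var names and default path are from this page.
import ipaddress
import os
import stat
from urllib.parse import urlsplit

REQUIRED = ("STRAVA_CLIENT_ID", "STRAVA_CLIENT_SECRET", "STRAVA_REDIRECT_URI")
DEFAULT_TOKEN_PATH = "~/.config/openclaw/strava/token.json"

def redirect_is_loopback(uri):
    """True only for http(s) redirect URIs whose host is a loopback address."""
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name, e.g. 127.0.0.1.example.test

def token_file_findings(path):
    """Return problems with the on-disk token file; an empty list means OK."""
    try:
        st = os.lstat(os.path.expanduser(path))  # lstat: do not follow a symlink
    except FileNotFoundError:
        return []  # not created yet; the login script writes it
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("token path is not a regular file")
    if st.st_mode & 0o077:  # any group/other permission bit set
        findings.append("token file mode is %04o, expected 0600" % stat.S_IMODE(st.st_mode))
    if st.st_uid != os.getuid():
        findings.append("token file is owned by another user")
    return findings

def audit(env, loopback=False):
    """Collect findings for an environment mapping such as os.environ."""
    findings = ["missing env var " + k for k in REQUIRED if not env.get(k)]
    uri = env.get("STRAVA_REDIRECT_URI", "")
    if loopback and uri and not redirect_is_loopback(uri):
        findings.append("--loopback requested but STRAVA_REDIRECT_URI is not a loopback URL")
    findings += token_file_findings(env.get("STRAVA_TOKEN_PATH", DEFAULT_TOKEN_PATH))
    return findings

if __name__ == "__main__":
    for line in audit(os.environ, loopback=True) or ["no findings"]:
        print(line)
```

Run it once before the first login to catch missing variables, and again afterwards to confirm the token file was written with owner-only permissions.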

Fetch activities for a day (json output)

python3 scripts/strava_fetch_activities.py --date today --out /tmp/strava_today.json

Notes

  • API details: references/strava_api.md
