withings-health
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill performs its stated function using official API endpoints.
- [EXTERNAL_DOWNLOADS]: The skill connects to official Withings domains (
wbsapi.withings.netandaccount.withings.com) for data retrieval and user authentication. - [DATA_EXFILTRATION]: The skill handles personal health information including weight, body composition, activity, and sleep metrics, retrieving this data from the official API to provide it to the agent.
- [CREDENTIALS_UNSAFE]: The skill manages API credentials via environment variables and stores OAuth tokens in a local file named
tokens.json. This is standard behavior for maintaining an authenticated session.
Audit Metadata