ClawHub

WHOOP Central

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WHOOP integration, but it handles sensitive health data and OAuth tokens that users should protect carefully.

Install only if you are comfortable granting read access to your WHOOP health data. Use a WHOOP developer app you control, request only needed scopes, keep Postman workspaces and local token files private, avoid bulk import unless you want a local health-history archive, and delete tokens/logs or revoke the WHOOP app when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly requires network access and handling of environment/local credential material, yet no explicit permissions are declared. That creates a transparency and policy-enforcement gap: users or hosting frameworks may invoke a networked OAuth flow and credential storage behavior they were not clearly warned about. In this context, the omission is more concerning because the skill deals with sensitive health data and tokens.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose suggests on-demand retrieval of WHOOP metrics, but the documented behavior goes beyond that by importing historical data into local logs, performing setup/token management, and accessing profile information. This mismatch weakens informed consent and can lead users to authorize broader collection and retention of sensitive health data than they intended. Because the data is health-related and historical, the privacy impact is significant.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script persists WHOOP-derived health data into local files under the user's home directory, which expands the skill from transient data retrieval into long-term storage of sensitive biometric information. This creates privacy and data-minimization risk because historical health data may remain on disk without the user clearly expecting or consenting to local retention.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file is designed for bulk historical import of recovery, sleep, strain, and workout records, which is materially broader than a skill described as answering user queries about current or requested WHOOP data. Bulk collection increases exposure by gathering more sensitive data than necessary, violating least-privilege and data-minimization expectations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code writes detailed health metrics such as HRV, resting heart rate, sleep stages, strain, and workout data into JSONL log files without any visible consent flow, warning, or retention policy. Persistent local storage of sensitive health information raises significant privacy risk, especially if other local users, backup systems, or downstream tools can access the files.

Credential Access

High
Category
Privilege Escalation
Content
3) Click "Get New Access Token", sign in to WHOOP, and click "Grant".

4) In Postman’s "Manage Access Tokens" modal:
- Click "Use Token" (so requests work)
- IMPORTANT: copy and save both:
  - `access_token`
Confidence
91% confidence
Finding
Access Tokens

Credential Access

High
Category
Privilege Escalation
Content
import readline from 'readline';

const DATA_DIR = process.env.WHOOP_DATA_DIR || path.join(process.env.HOME, '.clawdbot', 'whoop');
const CREDENTIALS_PATH = process.env.WHOOP_CREDENTIALS_PATH || path.join(DATA_DIR, 'credentials.json');
const TOKEN_PATH = process.env.WHOOP_TOKEN_PATH || path.join(DATA_DIR, 'token.json');

function ensureDir() {
Confidence
81% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal