Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WHOOP Health Data Sync
v1.0.0
Sync WHOOP health data (recovery, sleep, strain, workouts) to markdown files for AI-powered health insights. Use when user asks about WHOOP data, health metr...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
Name/description match the code: auth.py and sync.py implement WHOOP OAuth and API-sync to markdown files. However the skill bundle includes a data/tokens.json file containing real-looking access/refresh tokens and scopes — shipping tokens with the package is unexpected and disproportionate to the stated purpose (a sample token is understandable, but a live-looking access + refresh token is a sensitive secret and not required for a new user to run the skill).
Instruction Scope
SKILL.md instructions stay within syncing WHOOP data (create developer app, set WHOOP_CLIENT_ID/SECRET or use 1Password, run auth.py, run sync.py). They do instruct manual copying of callback URLs for remote auth and recommend using cron to auto-run the sync and have the agent read/send generated markdown — which means sensitive health files will be regularly written to disk and read by the agent. The code also reads a local .op-token and uses the 1Password CLI if available; that behavior is referenced in docs but is a privilege you should be aware of.
Install Mechanism
No install spec and no remote downloads — the skill is instruction + Python scripts only, so nothing arbitrary will be downloaded or extracted at install time. This is a low-risk install mechanism.
Credentials
Metadata declared no required env vars or binaries, but the SKILL.md and code require WHOOP_CLIENT_ID and WHOOP_CLIENT_SECRET (env or 1Password) and the scripts call external commands ('op' 1Password CLI and 'curl'). The included data/tokens.json contains an access_token and refresh_token (and scopes). Bundling tokens is unsafe and disproportionate; it could expose an account if tokens are valid. Asking to read ~/.openclaw/.op-token to set OP_SERVICE_ACCOUNT_TOKEN gives the skill access to a user's 1Password service token if present — a high-sensitivity capability that wasn't declared in the metadata.
Persistence & Privilege
The skill writes tokens to data/tokens.json and writes health markdown files into the workspace health directory for ongoing use (intended). The metadata sets always:false, and the code makes no attempt to modify other skills or system settings. Still, tokens (including refresh tokens) are stored on disk with file permissions set to 600 — standard, but worth noting because refresh tokens allow long-term API access. The cron example promotes automated, recurring syncs, which broadens exposure if tokens are compromised.
What to consider before installing
This skill appears to do what it says (sync WHOOP -> markdown), but there are three things you should check before installing or running it:
1) Remove or inspect the included data/tokens.json: the package contains an access_token and refresh_token. If those tokens are valid, they grant access to WHOOP data. Do NOT install/run with those tokens present; delete or replace tokens.json and run auth.py yourself to create fresh tokens.
2) Expect undeclared dependencies: the scripts invoke the 1Password CLI ('op') and curl via subprocess. Ensure you understand whether you want the skill to access your 1Password vault or a local .op-token file (it looks for ~/.openclaw/.op-token). If you don't use 1Password, set WHOOP_CLIENT_ID/WHOOP_CLIENT_SECRET as environment variables and make sure curl/op aren't available to the runtime if you want to prevent that code path.
3) Sensitive data persistence & automation: the skill stores refresh tokens on disk (allows long-lived access) and writes health reports to ~/.openclaw/workspace/health — consider whether you want those files present on the machine and ensure correct file permissions and that automated cron tasks are scheduled only on machines you trust.
Additional recommendations: inspect auth.py and sync.py locally (they are human-readable), regenerate WHOOP client secrets if you accidentally used any included tokens, and only run this skill on a trusted device. If you need help verifying whether the provided tokens are live, do not paste them here — instead, remove the file and run an auth flow yourself.
