WHOOP CLI for Agents
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a coherent WHOOP CLI helper with sensitive but expected local health-data access and no evidence of hidden exfiltration or automation.
Install only if you are comfortable letting the agent read WHOOP health data. Keep OAuth tokens and exported JSONL files private, prefer read-only/status commands first, and delete local exports when they are no longer needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
