Back to skill
Skillv0.3.1
VirusTotal security
WHOOP CLI for Agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:12 AM
- Hash
- b30e39e7d25e421e34663d1477c8d317ddf99677fdfe5021fd5d21c969583caf
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: whoop-cli Version: 0.3.1 The skill bundle appears benign. It provides instructions for an AI agent to interact with the `whoop-cli` for health data access. The `SKILL.md` explicitly includes strong security guardrails, instructing the agent to never ask for or print client secrets/tokens, to prefer local login, and to use read-only commands. While it includes commands to export data to local files (`whoop sync pull --out ./whoop.jsonl`) and manage local experiment state (`~/.whoop-cli/experiments.json`), these are legitimate functions of the stated purpose and lack any indication of malicious intent such as exfiltration, unauthorized execution, or persistence mechanisms. All commands are standard uses of the `whoop` CLI and `npm` for installation.
- External report
- View on VirusTotal