Skill v0.1.1
VirusTotal security
WHOOP Morning · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Benign · May 1, 2026, 3:03 AM
- Hash: f7286c7565812ac0d05e8f6f0e080076bc990d420005ee7b49c7a385fc035e32
- Source: palm
- Verdict: benign
- Code Insight:
  - Type: OpenClaw Skill
  - Name: whoop-morning
  - Version: 0.1.1

  The skill is designed to interact with the WHOOP API to fetch user data and provide suggestions. It handles OAuth tokens by requiring them as environment variables (`WHOOP_CLIENT_ID`, `WHOOP_CLIENT_SECRET`, `WHOOP_REFRESH_TOKEN`) and storing access tokens in a user-specific cache directory (`~/.cache/whoop-morning/tokens.json`) via `lib/tokens.js`. The `SKILL.md` provides clear setup instructions for the user, including an OAuth authorization flow, and does not contain any prompt injection attempts against the AI agent. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. All operations appear to be aligned with the stated purpose.
