Back to skill
Skillv0.1.0
VirusTotal security
WHOOP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:03 AM
- Hash
- 1610e1af7f72f88a093eeac1c8013ef063e7adbdf7797cde0e1687bd1ed485b8
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: whoop Version: 0.1.0 The skill's purpose is to integrate with the WHOOP API for morning check-ins. It requires WHOOP OAuth credentials and a refresh token, which are handled through standard OAuth flows and stored locally in `~/.clawdbot/.env` and `~/.cache/whoop-morning/tokens.json`. The `SKILL.md` provides clear, non-malicious instructions for setup and execution, without any prompt injection attempts. The `lib/tokens.js` file manages the local storage of these necessary tokens. There is no evidence of data exfiltration, malicious execution, or unauthorized persistence.
- External report
- View on VirusTotal