WHOOP (Official API)

Security checks across malware telemetry and agentic risk

Overview

The WHOOP metric scripts are mostly coherent, but the package also includes unrelated trusted-partner healthcare API operations that should be reviewed before installation.

Review before installing. Use the minimum WHOOP read scopes, keep WHOOP_CLIENT_SECRET and the token file private, avoid sending summaries to public or shared channels without explicit confirmation, and do not provide partner credentials. The publisher should remove the partner OpenAPI endpoints or split them into a separate, tightly scoped partner-only skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill clearly instructs use of environment variables, local token files, shell commands, and networked OAuth/API access, yet it declares no permissions. That mismatch weakens sandboxing and informed consent because an agent or platform may invoke capabilities the manifest does not transparently disclose, especially around secret handling and token persistence.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The OpenAPI file exposes trusted-partner lab requisition, service-request, status-update, and diagnostic-report upload operations that are outside the stated purpose of a consumer WHOOP metrics/OAuth skill. Including high-privilege partner workflows in the referenced API surface materially increases the chance of accidental or unauthorized invocation against sensitive healthcare-related operations.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The spec includes a partner client-credentials token exchange plus service-request management and diagnostic result upload capabilities, which are context-inappropriate for a skill meant to connect end users to their WHOOP data. This creates a dangerous privilege expansion path from benign fitness-data access into partner healthcare workflow actions and token acquisition.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation text is broad enough to trigger on generic requests about sending updates to chat channels, not just narrowly WHOOP-related requests. In an agent ecosystem, overbroad matching can cause this skill to activate in contexts involving message routing or external delivery, increasing the chance of unintended data disclosure or use of stored WHOOP data without clear user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill asks for client secrets and stores OAuth tokens on disk but does not present a clear warning about the sensitivity of those credentials or the security implications of local persistence. This can lead users or operators to expose secrets via CLI history, logs, screenshots, shared machines, or weak file permissions, making account takeover or unauthorized API access more likely.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The spec grants access to multiple categories of sensitive health and profile data but does not encode when those calls are appropriate or what minimum user intent is required before invocation. In an agent setting, lack of trigger constraints can lead to over-collection of data beyond what the user requested.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The partner-operation section lacks any activation constraints or user-intent safeguards despite covering high-impact workflows such as requesting partner tokens, updating service request status, and uploading diagnostic results. In an agent-integrated skill, these omissions increase the risk that privileged partner actions could be triggered unintentionally or with insufficient authorization checks.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The profile and body-measurement endpoints expose personally identifiable and health-related information, yet the specification does not communicate privacy sensitivity, consent expectations, or disclosure requirements. For a chat-driven skill that may summarize or forward WHOOP data to other channels, this omission raises the risk of users not understanding the privacy impact of retrieval and sharing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The access-revocation endpoint performs a destructive action that can terminate the user’s OAuth grant and stop webhooks, but the spec provides no user-facing friction or warning beyond the terse API description. In an agent context, a misunderstood or loosely phrased request could cause unintended loss of connectivity and service disruption.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script writes a raw WHOOP bundle containing profile, body measurements, sleep, recovery, cycle, and workout data to any path supplied via --out, with no safeguards on file permissions, destination validation, or warning that sensitive health data will be persisted locally. In this skill context, the data is highly privacy-sensitive, so accidental storage in shared directories, logs, temp locations, or synced folders can expose personal health information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script exchanges an OAuth authorization code for access/refresh tokens and immediately persists the resulting token JSON to disk, but provides no explicit safeguards, warning, or visible assurance that the storage location is protected. If the token file is created with overly permissive filesystem permissions, stored in an unsafe path, or later copied/logged, an attacker who obtains it can reuse the WHOOP credentials to access the user's health data until revocation or expiry/refresh rotation.

External Transmission

Medium
Category
Data Exfiltration
Content
"type" : "oauth2",
"flows" : {
  "clientCredentials" : {
    "tokenUrl" : "https://api.prod.whoop.com/developer/v2/partner/token",
    "scopes" : {
      "whoop-partner/token" : "Read service requests and upload results."
    }
Confidence
84% confidence
Finding
https://api.prod.whoop.com/

Credential Access

High
Category
Privilege Escalation
Content
"post" : {
  "tags" : [ "Partner" ],
  "summary" : "Request a partner client token",
  "description" : "Exchanges partner client credentials for an access token.",
  "operationId" : "requestToken",
  "requestBody" : {
    "content" : {
Confidence
96% confidence
Finding
access token

VirusTotal

60/60 vendors flagged this skill as clean.
