Back to skill
Skillv0.1.2
VirusTotal security
WHOOP (Official API) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 28, 2026, 5:58 AM
- Hash
- e434222be598df982e1a54a8a0d2337ac5fc1442047c7ec97ed1152ff2ce7ed5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-whoop Version: 0.1.2 The skill bundle is a standard and well-implemented integration for the WHOOP API. It follows security best practices by using environment variables for secrets, implementing the official OAuth 2.0 Authorization Code flow, and securing local token storage with restrictive file permissions (0600) in `whoop_token.py`. The scripts (`whoop_fetch.py`, `whoop_oauth_login.py`) use Python's built-in `urllib` to avoid third-party dependency risks, and the instructions in `SKILL.md` are strictly aligned with the stated purpose of fetching and rendering fitness metrics without any evidence of malicious intent or data exfiltration.
- External report
- View on VirusTotal