Back to skill

Security audit

WHOOP (Official API)

Security checks across malware telemetry and agentic risk

Overview

This WHOOP skill is mostly purpose-aligned, but it handles sensitive health data and OAuth material in ways users should review before installing.

Review before installing. Prefer loopback OAuth, avoid pasting redirect URLs or authorization codes into chat, reduce WHOOP scopes to only what you need, keep token and raw JSON files private, delete raw exports after use, set your own timezone, and confirm exact recipients before enabling cross-channel or scheduled summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises very broad trigger phrases like 'pull WHOOP data' and 'push WHOOP updates to any chat channel,' which can cause the integration to activate in situations where the user did not clearly intend authentication, data retrieval, or data sharing. Because WHOOP data is sensitive health/fitness information and the skill can also send output to external channels, over-broad invocation increases the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description states that the skill performs OAuth, stores tokens locally, fetches WHOOP metrics, and can push updates to multiple chat channels, but it does not prominently warn users that personal fitness/health-related data and reusable access tokens are being stored and may be transmitted elsewhere. This omission undermines informed consent and increases the chance users authorize sensitive processing they do not fully understand.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
Defaulting WHOOP_TZ to Asia/Shanghai without user opt-in can silently fetch or summarize the wrong local day for many users, producing inaccurate health summaries and potentially causing unintended disclosure of adjacent-day activity or sleep data. While this is not direct code execution, it is a real safety/privacy issue because the skill's main purpose is date-sensitive personal data retrieval.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script writes a raw WHOOP bundle containing highly sensitive health and biometric data to an arbitrary filesystem path without any warning, permission hardening, or redaction. In agent or automation contexts this can lead to unintended persistence of personal data in shared workspaces, logs, backups, or artifacts, creating a real privacy and compliance risk even if there is no obvious exploit primitive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.