Skill v1.0.1
VirusTotal security
WHOOP Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Benign (May 1, 2026, 3:07 AM)
- Hash: 613520e108cbb31c2c9cd161f01cb8031ac17592dfb757aa9565a9bdfa699491
- Source: palm
- Verdict: benign
- Code Insight: Type: OpenClaw Skill; Name: whoop-tracker; Version: 1.0.1. The skill is designed to access WHOOP fitness data via its official API. All code and documentation align with this stated purpose. The `whoop_client.py` script handles OAuth authentication, token storage (`~/.whoop/token.json`), and API calls to legitimate WHOOP domains (`api.prod.whoop.com`). Credentials are stored securely in `~/.whoop/credentials.json` with `chmod 600` permissions. The `install.sh` script only installs the `requests` Python library and provides instructions for manual credential setup. The `SKILL.md` instructions are straightforward and do not contain any prompt injection attempts or instructions for malicious actions. The `AUDIT.md` file, while detailing numerous functional bugs, does not indicate any malicious intent or security vulnerabilities beyond poor implementation quality.
