Back to skill
Skillv1.1.0
VirusTotal security
Whoop Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:00 AM
- Hash
- 0bb45b4e9a4cc4fdda0b080ae150490d9e09cf54e6df5d143d64880cc6de8208
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: whoopskill Version: 1.1.0 The OpenClaw AgentSkills skill bundle for 'whoopskill' is benign. It provides a legitimate CLI tool for interacting with the WHOOP API, fetching health data, and managing OAuth tokens. The `SKILL.md` and `README.md` contain no prompt injection attempts, only clear instructions for usage and setup. The code handles sensitive credentials (WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET) via environment variables and stores OAuth tokens in `~/.whoop-cli/tokens.json` with appropriate `0o600` permissions. All network communication is directed to the legitimate WHOOP API (`https://api.prod.whoop.com/`), with no evidence of data exfiltration to unauthorized endpoints or malicious execution.
- External report
- View on VirusTotal