OpenClaw Health Brief

v1.0.0

Generate a daily health brief from Oura, Whoop, and Withings. Unified re-auth script, local token persistence, Green/Yellow/Red morning summary.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code matches the stated purpose (fetch Oura/WHOOP/Withings, normalize, render a brief). However the registry metadata declared no required env vars or binaries while the implementation expects the 1Password CLI ('op'), OP_SERVICE_ACCOUNT_TOKEN / OPENCLAW_1P_VAULT when using 1Password, and various provider tokens as env var fallbacks. The omission in the manifest is an inconsistency.
Instruction Scope
SKILL.md stays within the expected scope (authorize providers via OAuth, run reauth, run brief, add cron). It explicitly instructs storing tokens in 1Password and in a local file (~/.openclaw/secrets/health_tokens.json). The instructions do not appear to request unrelated system data, but they do direct the agent to open a browser for OAuth and to source an existing gateway.env in cron — both of which assume access to local environment and secrets.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain footprint, but the package contains executable Python CLI code and expects external tooling (the 'op' CLI). The absence of an install step means the user is responsible for installing Python dependencies and the 'op' binary; this should have been declared.
Credentials
The skill will read and use many sensitive environment variables and external secrets (OP_SERVICE_ACCOUNT_TOKEN, OPENCLAW_1P_VAULT, WHOOP_*/OURA_*/WITHINGS_*). The registry lists none of these. The code also calls the 'op' CLI via subprocess to read (and optionally write) 1Password items — a high-privilege operation. WRITEBACK to 1Password is gated by OPENCLAW_1P_WRITEBACK=1, but that flag is not highlighted in the manifest. The local secrets file (~/.openclaw/secrets/health_tokens.json) is created and persisted (chmod 600 attempted). Because secrets are accessed and persisted, the declared requirements are insufficient and the requested privileges are more than the manifest implies.
Persistence & Privilege
The skill persists rotated tokens to a local JSON file (~/.openclaw/secrets/health_tokens.json) and will attempt 1Password writeback if OPENCLAW_1P_WRITEBACK=1 and 'op' is available. always:false and no special platform-wide modifications are requested. This is expected for an OAuth token-handling CLI, but it expands the blast radius if you enable 1Password writeback — exercise caution.
What to consider before installing
This skill's code implements the described functionality, but the manifest omitted important operational requirements. Before installing or enabling it:

- Assume this will read secrets from your 1Password vault (via the 'op' CLI) if available and from environment variables otherwise. The skill will persist rotated tokens to ~/.openclaw/secrets/health_tokens.json (it attempts chmod 600).
- The skill can also write back refresh tokens to 1Password, but only if you set OPENCLAW_1P_WRITEBACK=1 and have the 'op' CLI and OP_SERVICE_ACCOUNT_TOKEN available — don't enable that flag unless you trust the code and its environment.
- The registry metadata did not declare required binaries or env vars; you should verify and install the 'op' CLI yourself and provide only the minimum secrets needed. Consider using environment-only tokens or a dedicated vault/service-account with least privilege.
- Review core/util/secrets.py and core/util/local_secrets.py to confirm they behave as you expect (they call subprocess.run('op') and atomically write a JSON file).
- If you don't trust the code or the unknown source/owner, don't enable writeback and run the smoke test (./bin/smoke) in an isolated environment first. Ask the publisher for a canonical source repository or homepage before deploying it into production/automated cron jobs.

Like a lobster shell, security has layers — review code before you run it.
