OpenClaw Health
ReviewAudited by ClawScan on May 10, 2026.
Overview
The health-brief purpose is coherent, but the package asks you to run missing OAuth helper scripts that would handle sensitive health tokens.
Review this carefully before installing. The integration itself is understandable, but the documented OAuth and health-brief commands depend on missing ./bin scripts. Ask the publisher to include the missing entrypoints and verify they only contact Oura, WHOOP, Withings, and 1Password as documented before providing tokens or enabling the cron job.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may be asked to run an unreviewed or absent helper script for OAuth tokens; if obtained from elsewhere or shadowed by another local file, it could mishandle health account credentials.
The skill instructs users to run ./bin/health-reauth and ./bin/health-brief for OAuth authorization and health-data retrieval, but the provided file manifest contains no bin/ directory or those scripts.
python3 ./bin/health-reauth all
Do not run the re-auth or brief commands until the package includes the referenced bin scripts from a trusted source and they have been reviewed.
The skill can read health-provider credentials and use them to fetch sleep, activity, weight, and biometric data.
The skill asks for 1Password access and provider OAuth tokens. This is expected for the stated integrations, but it grants access to sensitive health accounts.
export OP_SERVICE_ACCOUNT_TOKEN="your-token" ... `OpenClaw Whoop` → `client_id`, `client_secret`, `token`, `refresh_token`
Use a dedicated 1Password vault or narrowly scoped provider apps/tokens, and revoke tokens at the providers if you stop using the skill.
If enabled, the agent will keep running the health brief on a schedule and reading generated health data without a fresh manual prompt each day.
The skill documents an optional persistent daily cron job that runs an agent session to execute the brief and report results.
openclaw cron add ... --schedule "0 8 * * *" ... --message 'Run the health brief:
Only add the cron job if you want ongoing automation, verify the output destination, and remove the cron job when it is no longer needed.