Whoop

This skill is classified as benign. It provides functionality to access Whoop health data, generate interactive charts, and perform health analysis. The authentication process uses standard OAuth 2.0, storing tokens locally in `~/.clawdbot/whoop-tokens.json` with appropriate permissions. All network requests are directed to legitimate Whoop API endpoints (`https://api.prod.whoop.com`). While `SKILL.md` contains instructions for the AI agent to read `references/health_analysis.md` for interpretation (a form of prompt injection), this is for the stated purpose of guiding health analysis and includes disclaimers that it is not medical advice. There is no evidence of unauthorized data exfiltration, malicious execution, persistence, or obfuscation.