Oura Ring Integration

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You would be building and running code from a third-party repository to access your Oura account.

Why it was flagged

The skill asks the user to clone and build an external repository, and the instructions do not pin a commit, tag, or release.

Skill content

git clone https://github.com/ruhrpotter/oura-cli.git
cd oura-cli
go build -o oura ./cmd/oura

Recommendation

Review the repository and preferably use a trusted, pinned release or commit before authenticating it with your Oura account.

What this means

Anyone or anything with access to the stored token may be able to read Oura account data through the CLI.

Why it was flagged

The integration requires OAuth credentials and stores access tokens for the user's Oura account.

Skill content

export OURA_CLIENT_ID="your_client_id"
export OURA_CLIENT_SECRET="your_client_secret"
./oura auth login
...
Tokens are stored in `~/.config/oura-cli/config.json`.

Recommendation

Use only the intended Oura OAuth app, keep the token file private, and revoke the token if the CLI or machine is no longer trusted.

What this means

Your health metrics and profile details may be displayed in chat responses when you ask the skill to retrieve them.

Why it was flagged

The skill is designed to retrieve and summarize sensitive personal, health, and biometric data into the agent's response context.

Skill content

`personal`: User profile (age, weight, height, email). ... `heartrate`: Time-series heart rate data. ... `spo2`: Blood oxygen saturation levels. ... `tags`: Enhanced tags (notes, lifestyle choices).

Recommendation

Ask for only the specific date ranges and data categories you need, and avoid using this skill in contexts where other people or systems can see the conversation.