ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oura Briefing

v1.0.1

Fetch and summarize Oura Ring v2 sleep, readiness, and activity data. Use when the user asks about their sleep score, HRV, readiness, recovery, or Oura metri...

0· 104·0 current·0 all-time
bySilas@silas-agent573

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for silas-agent573/oura-briefing.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Oura Briefing" (silas-agent573/oura-briefing) from ClawHub.
Skill page: https://clawhub.ai/silas-agent573/oura-briefing
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install oura-briefing

ClawHub CLI

Package manager switcher

npx clawhub@latest install oura-briefing
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match the included script (fetching Oura v2 sleep/readiness/activity). It correctly requires curl and jq. However, SKILL.md and the script require an OURA_API_TOKEN (or --token) while the registry metadata lists no required environment variables or primary credential—this inconsistency is disproportionate and unexplained.
Instruction Scope
The runtime instructions are narrow: run the provided script, parse its output, and summarize metrics. The script only fetches data from api.ouraring.com and does not reference other system files, credentials, or external endpoints. It uses standard CLI tools (curl, jq) and respects a token passed via env or arg.
Install Mechanism
Instruction-only skill with an included shell script; no install spec, downloads, or archive extraction. Nothing is written to disk by an installer beyond the provided script, so install risk is low.
!
Credentials
The script requires an OURA_API_TOKEN to contact the Oura API, which is appropriate for the stated purpose — but the skill registry metadata does not declare this required credential nor a primaryEnv. The missing declaration is a red flag (could be an oversight, but it affects informed consent). No other unrelated secrets are requested.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and does not persist credentials or change system-wide settings. Default autonomous invocation is allowed by platform policy but is not combined with other high-risk factors here.
What to consider before installing
This skill appears to do what it claims: use your Oura personal access token to call api.ouraring.com and produce a briefing. However, the registry metadata omitted the required OURA_API_TOKEN even though SKILL.md and the script require it—ask the publisher to correct the metadata before installing. Treat the token like any API secret: only provide a token with minimal scope, run the script in a trusted environment, and review the script locally (it’s included) to confirm it only talks to api.ouraring.com. If you don't trust the source, test with a throwaway token or decline until metadata/ownership are clarified.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl, jq
latestvk97efymzm1d9hh5942jewb7j1h84kq04
104downloads
0stars
2versions
Updated 2w ago
v1.0.1
MIT-0
Silas@silas-agent573
latest
Download

Oura Briefing

Fetch and summarize daily health metrics from the Oura Ring API (v2).

Setup

Set your Oura Personal Access Token:

export OURA_API_TOKEN="your_token_here"

Get a token at: https://cloud.ouraring.com/personal-access-tokens

Usage

# Today's briefing
bash scripts/oura-briefing.sh

# Specific date
bash scripts/oura-briefing.sh --date 2024-01-15

# JSON output
bash scripts/oura-briefing.sh --json

# Use a token directly
bash scripts/oura-briefing.sh --token YOUR_TOKEN

What it returns

  • Sleep: total sleep, efficiency, deep/REM/light breakdown, latency, wake time, score
  • Readiness: readiness score, HRV balance, body temperature deviation, recovery index
  • Activity: activity score, steps, active calories, equivalent walking distance

Agent guidance

When a user asks about sleep, readiness, HRV, or recovery:

  1. Run bash scripts/oura-briefing.sh (requires OURA_API_TOKEN in environment)
  2. Parse the output and present a plain-language summary
  3. Flag anything below their normal range (sleep < 70, readiness < 70, HRV drop > 15%)
  4. Suggest actionable adjustments if scores are low (bedtime, wind-down, recovery day)

Wake detection

The script exits 0 with a wake_confirmed field when the user has woken up today (bedtime_end present in latest long_sleep session). Use this as a gate before sending morning reports.

bash scripts/oura-briefing.sh --wake-check
# exit 0 = awake, exit 1 = not yet

Comments

Loading comments...