ClawHub
Back to skill

Security audit

Whoop Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Whoop integration, but it handles sensitive health-account credentials in risky ways that users should review before installing.

Install only if you are comfortable granting ongoing read access to your Whoop health data. Prefer the local OAuth exchange flow, do not send authorization codes or tokens through Telegram, WhatsApp, or other chats, protect ~/.whoop_token and ~/.whoop_refresh_token, and revoke the Whoop app if those files or codes may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs users to use network access, read/write local files, and potentially access environment-backed credentials, but it does not declare permissions or boundaries for those capabilities. This creates a transparency and least-privilege problem: users and hosting platforms cannot easily assess that the skill will store OAuth tokens locally and make authenticated API requests involving sensitive health data.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The page explicitly presents raw OAuth authorization material and instructs the user to send it over consumer messaging channels to an assistant. This defeats normal OAuth security boundaries by encouraging out-of-band credential transfer, increasing the risk of interception, replay, account takeover, or long-lived API abuse if an access token is shared.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script reads access_token directly from the URL and supports copying it to the clipboard, which is characteristic of unsafe implicit-style token handling. Tokens in URLs can leak via browser history, logs, screenshots, referrers, extensions, and clipboard-monitoring malware, making credential compromise significantly more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to place a Whoop OAuth client ID and client secret in a local JSON file but does not warn about secure storage, file permissions, accidental source control commits, or secret leakage through logs and backups. While this is common in developer setup docs, it can lead to credential exposure that enables unauthorized API access or abuse of the user's developer application.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation text is broad enough to trigger on generic requests such as daily briefings, weekly analysis, trend tracking, or real-time health alerts, which may extend beyond explicit Whoop-related intent. Overbroad invocation can cause the skill to activate unexpectedly and handle sensitive health context or make API calls when the user did not clearly intend to use the Whoop integration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation tells users to create an OAuth app, save client credentials in a local config file, and persist tokens to ~/.whoop_token, but it does not clearly warn that these artifacts are sensitive health-data access credentials. Without an explicit warning about local storage risks, file permissions, and avoidance of sharing logs or config files, users may expose tokens or secrets that grant access to private health and activity data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly documents that the OAuth redirect page will display the authorization code and automatically copy it to the clipboard. Authorization codes are sensitive OAuth artifacts; exposing them to users and silently placing them on the clipboard increases the chance of leakage through clipboard history, clipboard-sync services, shoulder surfing, or accidental pasting into the wrong application. In this skill context, the page is part of an OAuth flow for a health-data integration, so mishandling the code could enable unauthorized access to Whoop account data if other OAuth protections are weak or misconfigured.

Missing User Warnings

High
Confidence
98% confidence
Finding
The page tells the user to copy sensitive OAuth credentials and send them over chat without any warning or secure transport guarantees. In this skill context, the credentials grant access to personal health and fitness data, so disclosure can expose sensitive biometric and behavioral information in addition to enabling account/API misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatically copying an authorization code or token to the clipboard places sensitive material into a shared OS resource without informed user action. Other apps, browser extensions, remote desktop sessions, or clipboard history features may capture that data, creating an avoidable credential exposure path.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The document instructs users to store a live OAuth access token in a predictable local file or environment variable without any warning about secret handling, file permissions, rotation, or avoiding accidental disclosure. While this is common operational guidance, it increases the risk of credential leakage through shell history, logs, backups, multi-user systems, or accidental inclusion in scripts and repositories.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This file fetches sensitive health data from the Whoop API, including recovery, HRV, resting heart rate, SpO2, skin temperature, sleep, and strain metrics, without any user-facing notice, consent check, or indication of what data will be retrieved. In a health-focused skill this access is expected functionally, but the absence of disclosure still creates a privacy risk because highly sensitive biometric data may be processed or displayed without sufficiently transparent user awareness at the point of use.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The client writes refreshed access and refresh tokens to local files in plaintext with no permission hardening, encryption, or user warning. On multi-user systems or compromised environments, those files can be read by other local processes or users, enabling unauthorized access to the user's Whoop account and health data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script stores OAuth access and refresh tokens in plaintext files under the user's home directory without setting restrictive file permissions or clearly warning the user about the sensitivity of those credentials. If another local user, process, backup system, or malware can read those files, the tokens could be used to access the user's Whoop data and maintain access via refresh tokens.

Ssd 3

High
Confidence
99% confidence
Finding
Telling users to forward OAuth credentials to an assistant over Telegram/WhatsApp operationalizes insecure credential sharing as part of the product flow. Because this skill processes Whoop data, the exposed credentials may grant access to private health telemetry and could allow persistent unauthorized access if retained or mishandled.

Credential Access

High
Category
Privilege Escalation
Content
print("\n" + "=" * 70)
            print("✅ SUCCESS! Access token received")
            print("=" * 70)
            print(f"\n🔑 Access Token:\n{access_token[:20]}...{access_token[-20:]}")
            
            if refresh_token:
                print(f"\n🔄 Refresh Token:\n{refresh_token[:20]}...{refresh_token[-20:]}")
Confidence
95% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
# Save both access and refresh tokens
            DEFAULT_TOKEN_FILE.write_text(access_token)
            print(f"\n💾 Access token saved to: {DEFAULT_TOKEN_FILE}")
            
            if refresh_token:
                refresh_file = DEFAULT_TOKEN_FILE.parent / ".whoop_refresh_token"
Confidence
92% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
refresh_file = DEFAULT_TOKEN_FILE.parent / ".whoop_refresh_token"
                refresh_file.write_text(refresh_token)
                print(f"💾 Refresh token saved to: {refresh_file}")
                print("\n✨ Refresh token will auto-renew your access token when it expires!")
            print("\n" + "=" * 70)
            print("🎉 SETUP COMPLETE!")
            print("=" * 70)
Confidence
96% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
1. Go to https://app.whoop.com/
2. Navigate to Settings → Developer
3. Create a new application
4. Complete OAuth flow to get access token
5. Store token in `~/.whoop_token` or set `WHOOP_API_TOKEN` environment variable
Confidence
81% confidence
Finding
Create a new application 4. Complete OAuth flow to get access token 5. Store token in `~/.whoop_token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.