← Back to Skills Marketplace
WHOOP Tracker
by
Giacomo Barbieri
· GitHub ↗
· v1.0.1
1812
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install whoop-tracker
Description
Access WHOOP fitness tracker data via API, including recovery scores, sleep metrics, workout stats, daily strain, and body measurements. Use when the user asks about their WHOOP data, fitness metrics, recovery status, sleep quality, workout performance, or wants to track health trends.
Usage Guidance
This skill is coherent with its stated purpose (fetching WHOOP data) and does not request unrelated credentials, but it is not production-ready. Before installing or running: (1) review the code locally — it will create ~/.whoop/credentials.json and ~/.whoop/token.json and store your client_id/client_secret and tokens there; protect those files (chmod 600 is recommended); (2) be prepared to run 'pip3 install requests' or use the provided install.sh in a virtualenv; (3) expect runtime errors due to documented bugs in AUDIT.md (fix import paths or run scripts from the skill root, ensure endpoints and redirect_uri match your WHOOP app settings); (4) if you don't trust the source, run the scripts in an isolated VM/container or review/fix the code before using them with your live WHOOP account. If you want, I can list the specific code mismatches and exact fixes referenced in AUDIT.md to help get it working safely.
Capability Analysis
Type: OpenClaw Skill
Name: whoop-tracker
Version: 1.0.1
The skill is designed to access WHOOP fitness data via its official API. All code and documentation align with this stated purpose. The `whoop_client.py` script handles OAuth authentication, token storage (`~/.whoop/token.json`), and API calls to legitimate WHOOP domains (`api.prod.whoop.com`). Credentials are stored securely in `~/.whoop/credentials.json` with `chmod 600` permissions. The `install.sh` script only installs the `requests` Python library and provides instructions for manual credential setup. The `SKILL.md` instructions are straightforward and do not contain any prompt injection attempts or instructions for malicious actions. The `AUDIT.md` file, while detailing numerous functional bugs, does not indicate any malicious intent or security vulnerabilities beyond poor implementation quality.
Capability Assessment
Purpose & Capability
Name and description align with included code: a Python WHOOP API client and scripts for profile, recovery, sleep, and workouts. The skill uses OAuth and stores credentials/tokens under ~/.whoop which is appropriate for this purpose. Minor inconsistencies exist between SKILL.md, references, and whoop_client.py (base URL path includes '/developer', some endpoint paths/versions differ between docs and code, and get_body_measurements endpoint path differs from the reference), but these are implementation bugs rather than evidence of misrepresentation.
Instruction Scope
SKILL.md instructs the agent/user to create ~/.whoop/credentials.json, run an OAuth flow, and execute the provided scripts — all scoped to WHOOP data. The runtime instructions and scripts read/write only the described credentials and token files and call the WHOOP API. However the SKILL.md and code have mismatches (endpoints, path conventions) and the included AUDIT.md flags missing error handling and other faults; follow-up fixes are needed to avoid runtime failures.
Install Mechanism
No remote downloads or third-party install artifacts beyond a local install.sh that runs 'pip3 install requests'. All code is packaged with the skill; install method is low risk compared with arbitrary remote downloads.
Credentials
No environment variables or unrelated cloud credentials are requested. The skill requires a WHOOP OAuth client_id/client_secret which the instructions place in ~/.whoop/credentials.json — this is proportional to the declared functionality. It does persist OAuth tokens to ~/.whoop/token.json (normal for an OAuth client).
Persistence & Privilege
The skill persists its own credentials/tokens under ~/.whoop and does not request always:true or system-wide configuration changes. It does not modify other skills or system-wide agents. Storing tokens locally is expected for this kind of client, but you should protect the credentials file (SKILL.md suggests chmod 600 which is appropriate).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install whoop-tracker - After installation, invoke the skill by name or use
/whoop-tracker - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add README-style usage snippet in SKILL.md.
v1.0.0
Initial release: OAuth setup, recovery/sleep/workout/cycle/profile endpoints, CLI scripts, docs.
Metadata
Frequently Asked Questions
What is WHOOP Tracker?
Access WHOOP fitness tracker data via API, including recovery scores, sleep metrics, workout stats, daily strain, and body measurements. Use when the user asks about their WHOOP data, fitness metrics, recovery status, sleep quality, workout performance, or wants to track health trends. It is an AI Agent Skill for Claude Code / OpenClaw, with 1812 downloads so far.
How do I install WHOOP Tracker?
Run "/install whoop-tracker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WHOOP Tracker free?
Yes, WHOOP Tracker is completely free (open-source). You can download, install and use it at no cost.
Which platforms does WHOOP Tracker support?
WHOOP Tracker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created WHOOP Tracker?
It is built and maintained by Giacomo Barbieri (@ijaack); the current version is v1.0.1.
More Skills