← Back to Skills Marketplace
1840
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install whoop-central
Description
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data.
Usage Guidance
This skill appears to do what it says: it implements a local OAuth bootstrap and fetches WHOOP data, storing client credentials and tokens on your machine and writing imported logs to your home directory. Before installing/running: 1) Review the code (or run in an isolated environment) if you don't fully trust the source. 2) Register your own WHOOP developer app and use its client_id/client_secret rather than sharing credentials. 3) Be aware the scripts save credentials/tokens to disk (default: ~/.clawdbot/whoop/ token.json and credentials.json); protect that directory and back up/rotate secrets as appropriate. 4) The import script writes logs to ~/clawd/health/logs/whoop/ — confirm that location is acceptable. 5) If you plan to use the local HTTPS callback, the script will generate a self-signed cert using openssl and may require you to proceed past browser TLS warnings. 6) Minor inconsistencies: SKILL.md recommends an HTTPS localhost redirect URI but auth.js defaults to http://localhost:3000/callback unless you set WHOOP_REDIRECT_URI; ensure your registered redirect exactly matches what you use. Overall: safe/consistent for its stated purpose, but follow standard precautions for any code that stores OAuth client secrets and tokens locally.
Capability Analysis
Type: OpenClaw Skill
Name: whoop-central
Version: 1.0.2
The OpenClaw skill 'whoop-central' is designed to integrate with the WHOOP API to fetch personal health data and store it locally. All file system operations (e.g., storing credentials/tokens in `~/.clawdbot/whoop/` and health logs in `~/clawd/health/logs/whoop/`), network calls (exclusively to `https://api.prod.whoop.com`), and child process executions (`openssl` for local HTTPS certs, `open`/`start`/`xdg-open` for browser interaction) are directly aligned with this stated purpose. There is no evidence of data exfiltration to unauthorized endpoints, malicious persistence, or prompt injection attempts in `SKILL.md`.
Capability Assessment
Purpose & Capability
Name/description (WHOOP data via OAuth) align with the included scripts. The code implements OAuth flows, token exchange/refresh, and endpoints to fetch recovery, sleep, strain, workouts and import historical data. Declared runtime binaries (node, openssl) are reasonable for the described flows.
Instruction Scope
SKILL.md instructions are specific and limited to: creating a WHOOP developer app, running the setup/auth/verify scripts, optionally using Postman, and importing/summarizing data. The scripts read/write local files (credentials and tokens) and call WHOOP API endpoints (api.prod.whoop.com / id.whoop.com). There is no instruction to read unrelated system files or send data to third-party servers beyond WHOOP. Note: the skill persists credentials/tokens to disk (~/.clawdbot/whoop/) and imports logs to ~/clawd/health/logs/whoop/ as documented.
Install Mechanism
No install spec / no remote downloads are present. This is a local Node script bundle; running it executes local JavaScript and calls out to local tools (openssl, xdg-open/open). That is proportionate to implementing a local OAuth loop and generating a self-signed localhost TLS cert.
Credentials
The skill does not require unrelated credentials. It asks the user to provide WHOOP client_id/client_secret (via interactive setup or token.json) which is expected. It also honors optional environment variables for customizing paths and redirect URI (WHOOP_DATA_DIR, WHOOP_CREDENTIALS_PATH, WHOOP_TOKEN_PATH, WHOOP_REDIRECT_URI, etc.), which are reasonable for configuration. No other service tokens or secrets are requested.
Persistence & Privilege
always:false and the skill does not modify other skills or global agent settings. It writes credential and token files into the user home (default ~/.clawdbot/whoop/) and may generate a self-signed TLS cert into that directory; it also writes imported logs to HOME/clawd/health/logs/whoop. These are expected side effects for a local OAuth/data-import tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install whoop-central - After installation, invoke the skill by name or use
/whoop-central - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Postman-first OAuth docs; add setup/verify/today; JSONL+time filters; publish-safe token storage.
Metadata
Frequently Asked Questions
What is WHOOP Central?
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data. It is an AI Agent Skill for Claude Code / OpenClaw, with 1840 downloads so far.
How do I install WHOOP Central?
Run "/install whoop-central" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WHOOP Central free?
Yes, WHOOP Central is completely free (open-source). You can download, install and use it at no cost.
Which platforms does WHOOP Central support?
WHOOP Central is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created WHOOP Central?
It is built and maintained by 4xiomdev (@4xiomdev); the current version is v1.0.2.
More Skills