← Back to Skills Marketplace
Whoop
by
rodrigouroz
· GitHub ↗
· v1.1.0
2425
Downloads
4
Stars
5
Active Installs
4
Versions
Install in OpenClaw
/install whoop-health-analysis
Description
Access Whoop wearable health data (sleep, recovery, strain, HRV, workouts) and generate interactive charts. Use when the user asks about sleep quality, recovery scores, strain levels, HRV trends, workout data, or wants health visualizations/graphs from their Whoop band.
Usage Guidance
This skill appears to do exactly what it says: authenticate with Whoop, fetch your wearable data, and make charts. Before installing/running, consider: 1) The OAuth flow saves your client_id, client_secret, access_token, and refresh_token to ~/.clawdbot/whoop-tokens.json — review and protect that file (it is written with 0o600 where possible). 2) The `token` command prints the access token to stdout; avoid running commands in contexts that log terminal output or share stdout. 3) Generated HTML pages load charting code from a CDN (jsdelivr); opening them requires a network request and is a minor supply-chain/privacy risk — if you prefer, host a local copy of the charting library. 4) The local OAuth callback uses port 9876; ensure that port is available and acceptable in your environment. 5) If you want least-privilege, create the Whoop app with only the scopes you need instead of selecting all. Review the repository files locally before running and delete the token file (whoop_auth.py logout) when you no longer want persistent access.
Capability Analysis
Type: OpenClaw Skill
Name: whoop-health-analysis
Version: 1.1.0
This skill is classified as benign. It provides functionality to access Whoop health data, generate interactive charts, and perform health analysis. The authentication process uses standard OAuth 2.0, storing tokens locally in `~/.clawdbot/whoop-tokens.json` with appropriate permissions. All network requests are directed to legitimate Whoop API endpoints (`https://api.prod.whoop.com`). While `SKILL.md` contains instructions for the AI agent to read `references/health_analysis.md` for interpretation (a form of prompt injection), this is for the stated purpose of guiding health analysis and includes disclaimers that it is not medical advice. There is no evidence of unauthorized data exfiltration, malicious execution, persistence, or obfuscation.
Capability Assessment
Purpose & Capability
Name/description (Whoop health data + charts) align with the included scripts: authentication, data fetch, and chart generation. The OAuth client_id/secret + redirect flow are expected for this integration; no unrelated services or credentials are requested.
Instruction Scope
SKILL.md stays within the Whoop integration scope (create developer app, run local OAuth flow, fetch Whoop endpoints, generate charts). It documents where tokens are stored (~/.clawdbot/whoop-tokens.json). Minor notes: the README mentions Chart.js but the script uses ApexCharts; charts load a remote CDN (jsdelivr) when the HTML is opened.
Install Mechanism
No install spec — instruction-only runtime with bundled scripts. Nothing is downloaded or extracted by an installer. The only external resource is the charts JS loaded from a public CDN when opening the generated HTML.
Credentials
No environment variables or unrelated credentials are requested. The tool stores sensitive items (access_token, refresh_token, client_id, client_secret) in ~/.clawdbot/whoop-tokens.json (the code attempts to chmod 600). Storing client_secret and refresh_token is expected for offline OAuth refresh, but the token file contains secrets and the 'token' subcommand prints the access token to stdout (risk of logging/exfiltration if run in shared or logged shells).
Persistence & Privilege
always:false and no modification of other skills or system-wide config. The skill writes a token file to the user's home directory (normal for OAuth clients) and temporarily binds a local HTTP server on port 9876 for the OAuth callback; both are scoped to the user's environment.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install whoop-health-analysis - After installation, invoke the skill by name or use
/whoop-health-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Upgraded charts to ApexCharts: zoom/pan, gradient fills, recovery zone annotations, HRV 7-day moving average, short date labels, smooth animations. Fixed dashboard rendering issues.
v1.0.2
Cleanup: remove __pycache__ and .git from package
v1.0.1
Fix: translate all content to English
v1.0.0
Initial release: OAuth with refresh tokens, fetch sleep/recovery/cycles/workouts, health analysis framework with science-backed insights, interactive charts
Metadata
Frequently Asked Questions
What is Whoop?
Access Whoop wearable health data (sleep, recovery, strain, HRV, workouts) and generate interactive charts. Use when the user asks about sleep quality, recovery scores, strain levels, HRV trends, workout data, or wants health visualizations/graphs from their Whoop band. It is an AI Agent Skill for Claude Code / OpenClaw, with 2425 downloads so far.
How do I install Whoop?
Run "/install whoop-health-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Whoop free?
Yes, Whoop is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Whoop support?
Whoop is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Whoop?
It is built and maintained by rodrigouroz (@rodrigouroz); the current version is v1.1.0.
More Skills