← Back to Skills Marketplace

Whoop Skill

Name: Whoop Skill
Author: koala73

by koala73 · GitHub ↗ · v1.1.0

cross-platform ✓ Security Clean

2281

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install whoopskill

Description

WHOOP CLI with health insights, trends analysis, and data fetching (sleep, recovery, HRV, strain).

Usage Guidance

This skill appears to do exactly what it says: run a WHOOP OAuth flow, store tokens locally, and call the WHOOP API. Before installing or running it: - Only provide WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET and WHOOP_REDIRECT_URI from your WHOOP developer app (these are needed for OAuth). Treat the client secret like any other secret. - Tokens are stored at ~/.whoop-cli/tokens.json with restrictive permissions (0o600); if you use shared machines or CI, consider where that file will live and who can read it. Revoke the refresh token from your WHOOP developer console if you suspect compromise. - The package is intended for npm install -g whoopskill; verify you install the official package name and review the GitHub source (https://github.com/koala73/whoopskill) if you want extra assurance. - Minor inconsistencies: registry metadata said instruction-only while the bundle contains source and an npm package; package-lock and package.json show slightly different versions — this is not an immediate red flag but worth verifying the release you install. - If you plan to run this in automation (cron/systemd), avoid embedding client secrets in widely-readable locations; prefer a protected environment and rotate credentials if needed.

Capability Analysis

Type: OpenClaw Skill Name: whoopskill Version: 1.1.0 The OpenClaw AgentSkills skill bundle for 'whoopskill' is benign. It provides a legitimate CLI tool for interacting with the WHOOP API, fetching health data, and managing OAuth tokens. The `SKILL.md` and `README.md` contain no prompt injection attempts, only clear instructions for usage and setup. The code handles sensitive credentials (WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET) via environment variables and stores OAuth tokens in `~/.whoop-cli/tokens.json` with appropriate `0o600` permissions. All network communication is directed to the legitimate WHOOP API (`https://api.prod.whoop.com/`), with no evidence of data exfiltration to unauthorized endpoints or malicious execution.

Capability Assessment

✓ Purpose & Capability

Name/description (WHOOP CLI, metrics, insights) matches the code and required environment variables (WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, WHOOP_REDIRECT_URI) and the only required binary is node — all appropriate for an OAuth-based WHOOP CLI.

✓ Instruction Scope

SKILL.md and the CLI code only instruct the agent/user to perform WHOOP OAuth/login, fetch WHOOP API endpoints, and optionally run a refresh monitor. There are no instructions to read unrelated files, contact external endpoints other than api.prod.whoop.com, or collect unrelated system data.

ℹ Install Mechanism

SKILL.md metadata suggests an npm install (whoopskill) which is a standard distribution channel. The repository also contains full source and a package.json/package-lock. Registry metadata summary indicated 'no install spec / instruction-only' — that mismatch between registry metadata and the SKILL.md/package files is a minor inconsistency you may want to confirm (it means the skill is distributed as code/npm package, not purely docs). No downloads from untrusted URLs or obscure hosts were found.

✓ Credentials

The skill only requires WHOOP OAuth credentials and uses them for token exchange and refresh. These environment variables are necessary for the described OAuth flow; no unrelated secrets or broad permissions are requested.

ℹ Persistence & Privilege

The CLI stores OAuth tokens at ~/.whoop-cli/tokens.json and sets restrictive permissions (dir 0o700, file chmod 0o600). This is expected for an OAuth CLI, but be aware tokens are kept on-disk (clearTokens writes an empty file rather than removing it). The skill does not request 'always:true' or modify other skills/configs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install whoopskill
After installation, invoke the skill by name or use /whoopskill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.0

Major update: Adds health summaries, trends, and insights features for enhanced analysis. - New `summary`, `trends`, and `insights` commands for quick health overviews, trend analysis, and AI-style recommendations. - Color-coded statuses and trend arrows for health indicators. - Supports multi-day trends and recommendation generation (e.g., sleep debt, performance). - Enhanced human-readable output with emojis and status indicators. - Original data fetching commands remain, now with expanded analysis options.

v1.0.2

Initial version: WHOOP CLI for fetching health data (sleep, recovery, workouts, HRV, strain).

Metadata

Slug whoopskill

Version 1.1.0

License —

All-time Installs 4

Active Installs 3

Total Versions 2

Frequently Asked Questions

What is Whoop Skill?

WHOOP CLI with health insights, trends analysis, and data fetching (sleep, recovery, HRV, strain). It is an AI Agent Skill for Claude Code / OpenClaw, with 2281 downloads so far.

How do I install Whoop Skill?

Run "/install whoopskill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Whoop Skill free?

Yes, Whoop Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Whoop Skill support?

Whoop Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Whoop Skill?

It is built and maintained by koala73 (@koala73); the current version is v1.1.0.

More Skills