OpenClaw Health

Generate a daily health brief from Oura, Whoop, and Withings. Unified re-auth script, local token persistence, Green/Yellow/Red morning summary.

What to check before installing: - Behavior is broadly consistent with the stated purpose (fetching from providers, normalizing, persisting tokens), but the docs slightly overstate behavior: 1Password writeback is NOT automatic unless you set OPENCLAW_1P_WRITEBACK=1 and have the op CLI and appropriate OP credentials available. - Review and decide where rotated tokens should live: by default the skill writes tokens to ~/.openclaw/secrets/health_tokens.json (attempts chmod 600). If you prefer not to keep local tokens, don't enable writeback or change OPENCLAW_LOCAL_SECRETS_PATH. - If you will enable 1Password writeback, treat OP_SERVICE_ACCOUNT_TOKEN as highly sensitive and ensure the service-account/vault have minimal scope. Confirm the 'op' CLI is installed and you understand the vault that will be targeted (OPENCLAW_1P_VAULT). - The registry metadata says no required env vars, but the skill will need credentials (either in 1Password or env vars) to fetch live data. Use OPENCLAW_FORCE_SAMPLE=1 to run smoke tests without credentials. - Inspect the cron example before copying: it sources ~/.openclaw/secrets/gateway.env — verify that file doesn't contain unrelated high-value credentials you don't want the periodic job to source. - If you can't inspect code yourself, run tests/smoke mode first, and consider running the skill in an isolated environment (container or VM) until you are comfortable with where tokens are stored and how writeback behaves.

Type: OpenClaw Skill Name: openclaw-health Version: 1.0.0 This skill is classified as suspicious due to its use of high-risk capabilities, although they appear aligned with its stated purpose. It interacts with the 1Password CLI (`op` command in `core/util/secrets.py`) to read and optionally write sensitive OAuth tokens, and it persists these tokens locally in `~/.openclaw/secrets/health_tokens.json` (`core/util/local_secrets.py`). While these actions are necessary for the skill's functionality (fetching health data and managing token rotation), programmatic access to a password manager and local storage of sensitive credentials represent significant security capabilities that could be abused if the skill were compromised or designed with malicious intent. There is no clear evidence of intentional malicious behavior, such as unauthorized data exfiltration to external endpoints or harmful prompt injection against the agent in `SKILL.md`.