← 返回 Skills 市场
317
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-whoop
功能描述
Connect to the WHOOP Developer Platform via official OAuth (authorization code flow), store and refresh tokens, and fetch WHOOP v2 data (recovery, sleep, cyc...
安全使用建议
This package looks like a reasonable WHOOP OAuth client: it talks only to WHOOP endpoints, stores tokens locally (default ~/.config/openclaw/whoop/token.json), and renders user-facing summaries. Before installing: 1) Confirm the source/owner is trusted — the registry metadata and the SKILL.md disagree about required environment variables; the scripts DO require WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, and WHOOP_REDIRECT_URI. 2) Provide only a WHOOP app/client with minimal scopes (e.g., read:recovery, read:sleep, read:cycles). 3) Consider setting WHOOP_TOKEN_PATH to a secure location and verify the token file permissions after creation; revoke the app/client from your WHOOP developer dashboard if you later remove the skill. 4) Understand loopback mode opens a local HTTP listener to capture the OAuth code — only use that if you trust the environment and the redirect URI. 5) Ask the publisher to correct the registry metadata to declare the required env vars and primary credential so automated permission reviews work correctly.
功能分析
Type: OpenClaw Skill
Name: openclaw-whoop
Version: 0.1.2
The skill bundle is a standard and well-implemented integration for the WHOOP API. It follows security best practices by using environment variables for secrets, implementing the official OAuth 2.0 Authorization Code flow, and securing local token storage with restrictive file permissions (0600) in `whoop_token.py`. The scripts (`whoop_fetch.py`, `whoop_oauth_login.py`) use Python's built-in `urllib` to avoid third-party dependency risks, and the instructions in `SKILL.md` are strictly aligned with the stated purpose of fetching and rendering fitness metrics without any evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
The name, description, SKILL.md, and included scripts all match: this is an OAuth-based WHOOP client that fetches and renders WHOOP v2 metrics. The requested capabilities (fetching recovery/sleep/cycle/workout/profile data, storing tokens) are coherent with the stated purpose. However the registry metadata declares no required env vars or primary credential while the runtime instructions and code clearly require WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, and WHOOP_REDIRECT_URI — that metadata mismatch is suspicious and should be corrected.
Instruction Scope
SKILL.md instructs the agent to perform OAuth login, fetch WHOOP endpoints, normalize and render results, and optionally send via OpenClaw message tool or cron. The included scripts only access the WHOOP API, read/write the designated token file, and operate on input/output JSON files; they do not attempt to read unrelated system files or other credentials. Loopback mode starts a local HTTP listener to capture the OAuth code (standard for authorization code flow).
Install Mechanism
No install spec (instruction-only + bundled scripts). There are no downloads, package installs, or external installers in the manifest — the risk from installation is limited to running the included Python scripts. All code is present in the bundle for review.
Credentials
The scripts legitimately require WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, and WHOOP_REDIRECT_URI (and optionally WHOOP_TOKEN_PATH / WHOOP_TZ). Those credentials are proportionate for OAuth. The concern is that the registry metadata lists no required env vars and no primary credential — this mismatch could cause users or automated systems to grant insufficient or excessive permissions unknowingly. Token storage to ~/.config/openclaw/whoop/token.json is expected; the code attempts to set file permissions to 0600.
Persistence & Privilege
The skill does not request special platform privileges or set always:true. It writes a token file under the user's home config directory and creates that directory if needed — this is normal for an OAuth client. It does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-whoop - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-whoop触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
OAuth UX: default remote copy/paste mode; add optional --loopback fast path for same-machine browser authorization.
v0.1.1
Polish SKILL.md intro copy + add minimal quick start; no functional changes.
v0.1.0
Republish under WHOOP-friendly slug (openclaw-whoop). Same contents as [email protected].
元数据
常见问题
WHOOP (Official API) 是什么?
Connect to the WHOOP Developer Platform via official OAuth (authorization code flow), store and refresh tokens, and fetch WHOOP v2 data (recovery, sleep, cyc... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 317 次。
如何安装 WHOOP (Official API)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-whoop」即可一键安装,无需额外配置。
WHOOP (Official API) 是免费的吗?
是的,WHOOP (Official API) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
WHOOP (Official API) 支持哪些平台?
WHOOP (Official API) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WHOOP (Official API)?
由 Gavin C.(@gavinchengcool)开发并维护,当前版本 v0.1.2。
推荐 Skills