← 返回 Skills 市场
1840
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install whoop-central
功能描述
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data.
安全使用建议
This skill appears to do what it says: it implements a local OAuth bootstrap and fetches WHOOP data, storing client credentials and tokens on your machine and writing imported logs to your home directory. Before installing/running: 1) Review the code (or run in an isolated environment) if you don't fully trust the source. 2) Register your own WHOOP developer app and use its client_id/client_secret rather than sharing credentials. 3) Be aware the scripts save credentials/tokens to disk (default: ~/.clawdbot/whoop/ token.json and credentials.json); protect that directory and back up/rotate secrets as appropriate. 4) The import script writes logs to ~/clawd/health/logs/whoop/ — confirm that location is acceptable. 5) If you plan to use the local HTTPS callback, the script will generate a self-signed cert using openssl and may require you to proceed past browser TLS warnings. 6) Minor inconsistencies: SKILL.md recommends an HTTPS localhost redirect URI but auth.js defaults to http://localhost:3000/callback unless you set WHOOP_REDIRECT_URI; ensure your registered redirect exactly matches what you use. Overall: safe/consistent for its stated purpose, but follow standard precautions for any code that stores OAuth client secrets and tokens locally.
功能分析
Type: OpenClaw Skill
Name: whoop-central
Version: 1.0.2
The OpenClaw skill 'whoop-central' is designed to integrate with the WHOOP API to fetch personal health data and store it locally. All file system operations (e.g., storing credentials/tokens in `~/.clawdbot/whoop/` and health logs in `~/clawd/health/logs/whoop/`), network calls (exclusively to `https://api.prod.whoop.com`), and child process executions (`openssl` for local HTTPS certs, `open`/`start`/`xdg-open` for browser interaction) are directly aligned with this stated purpose. There is no evidence of data exfiltration to unauthorized endpoints, malicious persistence, or prompt injection attempts in `SKILL.md`.
能力评估
Purpose & Capability
Name/description (WHOOP data via OAuth) align with the included scripts. The code implements OAuth flows, token exchange/refresh, and endpoints to fetch recovery, sleep, strain, workouts and import historical data. Declared runtime binaries (node, openssl) are reasonable for the described flows.
Instruction Scope
SKILL.md instructions are specific and limited to: creating a WHOOP developer app, running the setup/auth/verify scripts, optionally using Postman, and importing/summarizing data. The scripts read/write local files (credentials and tokens) and call WHOOP API endpoints (api.prod.whoop.com / id.whoop.com). There is no instruction to read unrelated system files or send data to third-party servers beyond WHOOP. Note: the skill persists credentials/tokens to disk (~/.clawdbot/whoop/) and imports logs to ~/clawd/health/logs/whoop/ as documented.
Install Mechanism
No install spec / no remote downloads are present. This is a local Node script bundle; running it executes local JavaScript and calls out to local tools (openssl, xdg-open/open). That is proportionate to implementing a local OAuth loop and generating a self-signed localhost TLS cert.
Credentials
The skill does not require unrelated credentials. It asks the user to provide WHOOP client_id/client_secret (via interactive setup or token.json) which is expected. It also honors optional environment variables for customizing paths and redirect URI (WHOOP_DATA_DIR, WHOOP_CREDENTIALS_PATH, WHOOP_TOKEN_PATH, WHOOP_REDIRECT_URI, etc.), which are reasonable for configuration. No other service tokens or secrets are requested.
Persistence & Privilege
always:false and the skill does not modify other skills or global agent settings. It writes credential and token files into the user home (default ~/.clawdbot/whoop/) and may generate a self-signed TLS cert into that directory; it also writes imported logs to HOME/clawd/health/logs/whoop. These are expected side effects for a local OAuth/data-import tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install whoop-central - 安装完成后,直接呼叫该 Skill 的名称或使用
/whoop-central触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Postman-first OAuth docs; add setup/verify/today; JSONL+time filters; publish-safe token storage.
元数据
常见问题
WHOOP Central 是什么?
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1840 次。
如何安装 WHOOP Central?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install whoop-central」即可一键安装,无需额外配置。
WHOOP Central 是免费的吗?
是的,WHOOP Central 完全免费(开源免费),可自由下载、安装和使用。
WHOOP Central 支持哪些平台?
WHOOP Central 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WHOOP Central?
由 4xiomdev(@4xiomdev)开发并维护,当前版本 v1.0.2。
推荐 Skills