← 返回 Skills 市场

Whoop Skill

Name: Whoop Skill
Author: koala73

作者 koala73 · GitHub ↗ · v1.1.0

cross-platform ✓ 安全检测通过

2281

总下载

当前安装

版本数

在 OpenClaw 中安装

/install whoopskill

功能描述

WHOOP CLI with health insights, trends analysis, and data fetching (sleep, recovery, HRV, strain).

安全使用建议

This skill appears to do exactly what it says: run a WHOOP OAuth flow, store tokens locally, and call the WHOOP API. Before installing or running it: - Only provide WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET and WHOOP_REDIRECT_URI from your WHOOP developer app (these are needed for OAuth). Treat the client secret like any other secret. - Tokens are stored at ~/.whoop-cli/tokens.json with restrictive permissions (0o600); if you use shared machines or CI, consider where that file will live and who can read it. Revoke the refresh token from your WHOOP developer console if you suspect compromise. - The package is intended for npm install -g whoopskill; verify you install the official package name and review the GitHub source (https://github.com/koala73/whoopskill) if you want extra assurance. - Minor inconsistencies: registry metadata said instruction-only while the bundle contains source and an npm package; package-lock and package.json show slightly different versions — this is not an immediate red flag but worth verifying the release you install. - If you plan to run this in automation (cron/systemd), avoid embedding client secrets in widely-readable locations; prefer a protected environment and rotate credentials if needed.

功能分析

Type: OpenClaw Skill Name: whoopskill Version: 1.1.0 The OpenClaw AgentSkills skill bundle for 'whoopskill' is benign. It provides a legitimate CLI tool for interacting with the WHOOP API, fetching health data, and managing OAuth tokens. The `SKILL.md` and `README.md` contain no prompt injection attempts, only clear instructions for usage and setup. The code handles sensitive credentials (WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET) via environment variables and stores OAuth tokens in `~/.whoop-cli/tokens.json` with appropriate `0o600` permissions. All network communication is directed to the legitimate WHOOP API (`https://api.prod.whoop.com/`), with no evidence of data exfiltration to unauthorized endpoints or malicious execution.

能力评估

✓ Purpose & Capability

Name/description (WHOOP CLI, metrics, insights) matches the code and required environment variables (WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, WHOOP_REDIRECT_URI) and the only required binary is node — all appropriate for an OAuth-based WHOOP CLI.

✓ Instruction Scope

SKILL.md and the CLI code only instruct the agent/user to perform WHOOP OAuth/login, fetch WHOOP API endpoints, and optionally run a refresh monitor. There are no instructions to read unrelated files, contact external endpoints other than api.prod.whoop.com, or collect unrelated system data.

ℹ Install Mechanism

SKILL.md metadata suggests an npm install (whoopskill) which is a standard distribution channel. The repository also contains full source and a package.json/package-lock. Registry metadata summary indicated 'no install spec / instruction-only' — that mismatch between registry metadata and the SKILL.md/package files is a minor inconsistency you may want to confirm (it means the skill is distributed as code/npm package, not purely docs). No downloads from untrusted URLs or obscure hosts were found.

✓ Credentials

The skill only requires WHOOP OAuth credentials and uses them for token exchange and refresh. These environment variables are necessary for the described OAuth flow; no unrelated secrets or broad permissions are requested.

ℹ Persistence & Privilege

The CLI stores OAuth tokens at ~/.whoop-cli/tokens.json and sets restrictive permissions (dir 0o700, file chmod 0o600). This is expected for an OAuth CLI, but be aware tokens are kept on-disk (clearTokens writes an empty file rather than removing it). The skill does not request 'always:true' or modify other skills/configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install whoopskill
安装完成后，直接呼叫该 Skill 的名称或使用 /whoopskill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

Major update: Adds health summaries, trends, and insights features for enhanced analysis. - New `summary`, `trends`, and `insights` commands for quick health overviews, trend analysis, and AI-style recommendations. - Color-coded statuses and trend arrows for health indicators. - Supports multi-day trends and recommendation generation (e.g., sleep debt, performance). - Enhanced human-readable output with emojis and status indicators. - Original data fetching commands remain, now with expanded analysis options.

v1.0.2

Initial version: WHOOP CLI for fetching health data (sleep, recovery, workouts, HRV, strain).

元数据

Slug whoopskill

版本 1.1.0

许可证 —

累计安装 4

当前安装数 3

历史版本数 2

常见问题

Whoop Skill 是什么？

WHOOP CLI with health insights, trends analysis, and data fetching (sleep, recovery, HRV, strain). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2281 次。

如何安装 Whoop Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install whoopskill」即可一键安装，无需额外配置。

Whoop Skill 是免费的吗？

是的，Whoop Skill 完全免费（开源免费），可自由下载、安装和使用。

Whoop Skill 支持哪些平台？

Whoop Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Whoop Skill？

由 koala73（@koala73）开发并维护，当前版本 v1.1.0。