whoop
Accesses WHOOP fitness tracker data via API to analyze recovery, sleep, and workout metrics for improved health tracking.
Install this skill
or
90/100
Security score
The whoop skill was audited on Feb 9, 2026 and we found 6 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
low line 37
Access to hidden dotfiles in home directory
SourceSKILL.md
| 37 | mkdir -p ~/.whoop |
low line 38
Access to hidden dotfiles in home directory
SourceSKILL.md
| 38 | cat > ~/.whoop/credentials.json <<EOF |
low line 44
Access to hidden dotfiles in home directory
SourceSKILL.md
| 44 | chmod 600 ~/.whoop/credentials.json |
medium line 182
Access to hidden dotfiles in home directory
SourceSKILL.md
| 182 | ### "Credentials not found at ~/.whoop/credentials.json" |
low line 33
External URL reference
SourceSKILL.md
| 33 | - Set redirect URI (e.g., `http://localhost:8080/callback`) |
low line 99
External URL reference
SourceSKILL.md
| 99 | Base URL: `https://api.prod.whoop.com` |
Scanned on Feb 9, 2026
View Security DashboardInstall this skill with one command
/learn @openclaw/whoop-tracker