技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.3.1
统计:⭐ 0 · 527 · 1 current installs · 1 all-time installs
⭐ 0
安装量(当前) 1
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:andreasnlarsen/whoop-cli
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's runtime instructions and install guidance expect a WHOOP CLI, OAuth credentials, and local token files, but the registry metadata claims no requirements and no install — the mismatch and lack of origin/homepage warrant caution.
目的
The skill's stated purpose (agent-friendly whoop-cli access for briefs, health flags, and exports) matches the commands and workflows in SKILL.md. Requesting WHOOP OAuth credentials and a whoop binary is coherent with that purpose. However, the registry metadata lists no required binaries, no env vars, and no install spec while SKILL.md clearly documents both required env vars and an npm install — this inconsistency is unexpected and should be…
说明范围
SKILL.md instructs the agent to run whoop CLI commands that read/write local files (e.g., ~/.whoop-cli/profiles/*.json, experiments.json) and to prefer read-only operations; it explicitly warns not to request secrets in chat and to let the user perform login locally. Those runtime instructions are generally scoped to the stated purpose, but they also allow or suggest commands that could surface local token files or request client secrets for l…
安装机制
SKILL.md provides an npm global install (package @andreasnlarsen/whoop-cli@0.3.1), which is a reasonable distribution mechanism for a Node CLI, but the registry's top-level metadata contained no install spec. The presence of install instructions only in SKILL.md (not in the registry) is an inconsistency. Installing an npm package globally requires runtime privileges and should be done from a trusted source; SKILL.md points to a GitHub repo, bu…
证书
SKILL.md requires WHOOP_CLIENT_ID, WHOOP_CLIENT_SECRET, and WHOOP_REDIRECT_URI (with WHOOP_CLIENT_SECRET declared as primaryEnv) which are appropriate for OAuth-based CLI access. The registry metadata, however, declared no required env vars or primary credential — this mismatch is a red flag. Otherwise, the skill does not request additional unrelated credentials and restricts operations to local token files and read-only commands where possible.
持久
The skill does not request always:true, does not claim persistent system-wide configuration changes, and is instruction-only (no code written to disk by the registry). SKILL.md mentions the CLI will store tokens under ~/.whoop-cli and offers an optional local install command, which is normal for a CLI integration and within scope for this purpose.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「WHOOP CLI for Agents」。简介:Use whoop-cli to fetch WHOOP data, generate day briefs/health flags, and export…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/andreasnlarsen/whoop-cli/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: whoop-cli
description: Companion skill for @andreasnlarsen/whoop-cli: agent-friendly WHOOP access via stable CLI JSON (day briefs, health flags, trends, exports) without raw API plumbing.
metadata:
openclaw:
requires:
bins:
- whoop
env:
- WHOOP_CLIENT_ID
- WHOOP_CLIENT_SECRET
- WHOOP_REDIRECT_URI
primaryEnv: WHOOP_CLIENT_SECRET
homepage: https://github.com/andreasnlarsen/whoop-cli
install:
- kind: node
package: "@andreasnlarsen/whoop-cli@0.3.1"
bins:
- whoop
label: Install whoop-cli from npm
---
# whoop-cli
Use the installed `whoop` command.
## Security + credential handling (required)
- Never ask users to paste client secrets/tokens into chat.
- For first-time auth, the user should run login **locally on their own shell**.
- Prefer read-only operational commands in agent flows (`summary`, `day-brief`, `health`, `trend`, `sync pull`).
- Do not run `whoop auth login` unless the user explicitly asks for login help.
- Tokens are stored locally at `~/.whoop-cli/profiles/<profile>.json` by the CLI.
## Install / bootstrap
If `whoop` is missing:
```bash
npm install -g @andreasnlarsen/whoop-cli@0.3.1
```
Optional OpenClaw skill install from package bundle:
```bash
whoop openclaw install-skill --force
```
## Core checks
1. `whoop auth status --json`
2. If unauthenticated, ask the user to run local login:
- `whoop auth login --client-id ... --client-secret ... --redirect-uri ...`
3. Validate:
- `whoop day-brief --json --pretty`
## Useful commands
- Daily:
- `whoop summary --json --pretty`
- `whoop day-brief --json --pretty`
- `whoop strain-plan --json --pretty`
- `whoop health flags --days 7 --json --pretty`
- Activity analysis:
- `whoop activity list --days 30 --json --pretty`
- `whoop activity trend --days 30 --json --pretty`
- `whoop activity types --days 30 --json --pretty`
- training-only: `whoop activity trend --days 30 --labeled-only --json --pretty`
### Activity interpretation guardrail (important)
- WHOOP generic `activity` rows (often `sport_id=-1`) are auto-detected and may be unlabeled movement (housework/incidental activity), not intentional training.
- Do not treat generic `activity` as confirmed training volume by default.
- For coaching/training recommendations, default to `--labeled-only` and report both total vs filtered counts.
### Agent filtering pattern (jq-friendly)
- Canonical source: `whoop activity list --json`
- Prefer built-in filters first (`--labeled-only`, `--generic-only`, `--sport-id`, `--sport-name`).
- If custom slicing is needed and `jq` is available, filter shell-side from raw JSON (example):
```bash
whoop activity list --days 30 --json | jq '.data.records | map(select(.sport_id != -1))'
```
- Export:
- `whoop sync pull --start YYYY-MM-DD --end YYYY-MM-DD --out ./whoop.jsonl --json --pretty`
## Experiment protocol (agent-required)
- Canonical state: `~/.whoop-cli/experiments.json` only.
- Plan experiments with context at creation time:
- `whoop experiment plan --name ... --behavior ... --start-date YYYY-MM-DD [--end-date YYYY-MM-DD] --description ... --why ... --hypothesis ... --success-criteria ... --protocol ... --json --pretty`
- Update context without creating duplicate state:
- `whoop experiment context --id ... [--description ... --why ... --hypothesis ... --success-criteria ... --protocol ...] --json --pretty`
- Check lifecycle/status with:
- `whoop experiment status [--status planned|running|completed] [--id ...] --json --pretty`
- Evaluate outcomes with:
- `whoop experiment report --id ... --json --pretty`
- Profile scope is strict by default (active `--profile` only).
- Use `--all-profiles` only when cross-profile visibility is explicitly needed.
- Prefer output field `sourceOfTruth` (path to canonical state file); `experimentsFile` is kept as compatibility alias.
- Avoid duplicating experiment state into other files unless the user explicitly asks for separate notes.
## Safety
- Never print client secrets or raw tokens.
- Keep API errors concise and actionable.
- Treat this integration as unofficial/non-affiliated.