
      Safety Report

      OpenClaw Health Brief

      @NathanielWeiner

      Generate a daily health brief from Oura, Whoop, and Withings. Unified re-auth script, local token persistence, Green/Yellow/Red morning summary.

      946 downloads · 0 installs · 2 stars · 1 version
      Categories: API Integration (11,971), CLI & Shell Tools (3,679), Networking & DNS (2,106), Healthcare (1,086)

      Security Analysis

      Verdict: Suspicious (risk score 0.16, medium confidence)

      The skill appears to implement the advertised health-brief functionality, but the registry metadata omits several real requirements (1Password 'op' CLI, service account token, provider tokens) and the code will persist and optionally write back sensitive tokens — these mismatches and secret-handling behaviors warrant caution before installing.

      Feb 11, 2026 · 17 files · 5 concerns

      Purpose & Capability (note)

      The code matches the stated purpose (fetch Oura/WHOOP/Withings data, normalize it, render a brief). However, the registry metadata declares no required env vars or binaries, while the implementation expects the 1Password CLI ('op'), OP_SERVICE_ACCOUNT_TOKEN / OPENCLAW_1P_VAULT when using 1Password, and various provider tokens as env var fallbacks. This omission in the manifest is an inconsistency between what is declared and what the code needs.

      Instruction Scope (note)

      SKILL.md stays within the expected scope (authorize providers via OAuth, run reauth, run brief, add cron). It explicitly instructs storing tokens in 1Password and in a local file (~/.openclaw/secrets/health_tokens.json). The instructions do not appear to request unrelated system data, but they do direct the agent to open a browser for OAuth and to source an existing gateway.env in cron — both of which assume access to local environment and secrets.

      Install Mechanism (note)

      There is no install spec (instruction-only), which reduces supply-chain footprint, but the package contains executable Python CLI code and expects external tooling (the 'op' CLI). The absence of an install step means the user is responsible for installing Python dependencies and the 'op' binary; this should have been declared.

      Credentials (concern)

      The skill reads and uses many sensitive environment variables and external secrets (OP_SERVICE_ACCOUNT_TOKEN, OPENCLAW_1P_VAULT, WHOOP_*/OURA_*/WITHINGS_*). The registry lists none of these. The code also calls the 'op' CLI via subprocess to read (and optionally write) 1Password items, which is a high-privilege operation. Writeback to 1Password is gated by OPENCLAW_1P_WRITEBACK=1, but that flag is not highlighted in the manifest. The local secrets file (~/.openclaw/secrets/health_tokens.json) is created and persisted (chmod 600 is attempted). Because secrets are both accessed and persisted, the declared requirements are insufficient and the privileges actually used exceed what the manifest implies.

      Persistence & Privilege (note)

      The skill persists rotated tokens to a local JSON file (~/.openclaw/secrets/health_tokens.json) and attempts 1Password writeback if OPENCLAW_1P_WRITEBACK=1 is set and 'op' is available. The manifest sets always:false and requests no special platform-wide modifications. This is expected for an OAuth token-handling CLI, but enabling 1Password writeback expands the blast radius, so exercise caution.

      Guidance

      This skill's code implements the described functionality, but the manifest omitted important operational requirements. Before installing or enabling it:
      - Assume this will read secrets from your 1Password vault (via the 'op' CLI) if available and from environment variables otherwise. The skill will persist rotated tokens to ~/.openclaw/secrets/health_tokens.json (it attempts chmod 600).
      - The skill can also write back refresh tokens to 1Password, but only if you set OPENCLAW_1P_WRITEBACK=1 and have the 'op' CLI and OP_SERVICE_ACCOUNT_TOKEN available; don't enable that flag unless you trust the code and its environment.
      - The registry metadata did not declare required binaries or env vars; you should verify and install the 'op' CLI yourself and provide only the minimum secrets needed. Consider using environment-only tokens or a dedicated vault/service-account with least privilege.
      - Review core/util/secrets.py and core/util/local_secrets.py to confirm they behave as you expect (they call subprocess.run('op') and atomically write a JSON file).
      - If you don't trust the code or the unknown source/owner, don't enable writeback and run the smoke test (./bin/smoke) in an isolated environment first. Ask the publisher for a canonical source repository or homepage before deploying it into production/automated cron jobs.

      Latest Release

      v1.0.0

      Initial release: WHOOP, Oura, Withings connectors with unified reauth, local token persistence, and OpenClaw cron integration


      Published by @NathanielWeiner on ClawHub
