Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub Β· Developer Tools
WHOOP Central
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data.
skill openclawclawhub Free
WHOOP Central - OAuth + scripts to fetch WHOOP data (sleep, recovery, strain, workouts). Use when user asks about their sleep, recovery score, HRV, strain, or workout data.
β¬ 0 downloads β
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, credentials.example.json, package.json, src/auth.js, src/import-historical.js, src/recovery.js
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.2
Provenance
- Publisher
- 4xiomdev
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
WHOOP Central
Access sleep, recovery, strain, and workout data from WHOOP via the v2 API.
Quick Commands
# 1) One-time setup (writes ~/.clawdbot/whoop/credentials.json) node src/setup.js # 2) Recommended: Get tokens via Postman (see Auth section), then verify node src/verify.js node src/verify.js --refresh # Prompt-friendly snapshot (includes last workout) node src/today.js # Daily summary (all metrics) node src/summary.js # Individual metrics node src/recovery.js node src/sleep.js node src/strain.js node src/workouts.js # Bulk import to ~/clawd/health/logs/whoop/* node src/import-historical.js
Data Available
MetricData PointsRecoveryScore (0-100%), HRV, resting HR, SpO2, skin tempSleepDuration, stages (REM/deep/light), efficiency, performanceStrainDaily strain (0-21), calories, avg/max HRWorkoutsActivity type, duration, strain, calories, HR
Recovery Score Guide
π 67-100% Green - Ready to perform π 34-66% Yellow - Moderate readiness β€οΈ 0-33% Red - Focus on recovery
0. Requirements
Node.js 18+ (this repo uses ESM) openssl (only needed for the optional auth.js flow when using https://localhost; Postman auth does not need it)
1. Create WHOOP Developer App
Go to https://developer.whoop.com/ Sign in with your WHOOP account Create a new App Add these Redirect URIs (exact match; no extra trailing slashes): Postman browser callback (recommended auth path): https://oauth.pstmn.io/v1/browser-callback Optional local callback (only used by auth.js): https://localhost:3000/callback You can keep both registered at the same time. Copy the Client ID and Client Secret Team note: this skill does not ship any client credentials. Each user can create their own WHOOP app, or (if you trust each other) a team can share one app's client_id/client_secret and let multiple WHOOP accounts authorize it.
2. Save Credentials (recommended: interactive)
Run: node src/setup.js This writes ~/.clawdbot/whoop/credentials.json (and optionally token.json if you paste tokens).
3. Authenticate (Recommended: Postman)
Postman is the most reliable bootstrap for many accounts because WHOOP may block browser-like traffic to the OAuth endpoints (or behave differently depending on headers). Postman checklist (donβt skip these): WHOOP dashboard Redirect URIs include: https://oauth.pstmn.io/v1/browser-callback Postman OAuth settings: Scopes include offline (or you wonβt get a refresh_token) Client Authentication is Send client credentials in body (client_secret_post) In WHOOP dashboard, ensure you registered the Postman callback Redirect URI: https://oauth.pstmn.io/v1/browser-callback In Postman: Create an Environment and set variables: ClientId = your WHOOP client id ClientSecret = your WHOOP client secret Open the WHOOP API collection (or any request), then open the Authorization tab: Type: OAuth 2.0 Add auth data to: Request Headers Grant Type: Authorization Code Callback URL: check Authorize using browser Auth URL: https://api.prod.whoop.com/oauth/oauth2/auth Access Token URL: https://api.prod.whoop.com/oauth/oauth2/token Client ID: {{ClientId}} Client Secret: {{ClientSecret}} Scope (space-delimited): include offline plus any read scopes you need, e.g.: offline read:profile read:sleep read:recovery read:workout read:cycles read:body_measurement State: any 8+ chars (e.g. loomingState) Client Authentication: Send client credentials in body Click "Get New Access Token", sign in to WHOOP, and click "Grant". In Postmanβs "Manage Access Tokens" modal: Click "Use Token" (so requests work) IMPORTANT: copy and save both: access_token refresh_token Postman often does not retain the refresh token for you later. Save tokens to ~/.clawdbot/whoop/token.json: Use token.example.json as a template Set: obtained_at to current time in milliseconds redirect_uri to: https://oauth.pstmn.io/v1/browser-callback Verify (and test refresh): node src/verify.js node src/verify.js --refresh
4. Optional: Authenticate via auth.js (may fail on some accounts)
If you prefer a fully local OAuth loop (and WHOOP allows it), you can use auth.js. Pre-req: add this redirect URI in WHOOP dashboard: https://localhost:3000/callback Run: WHOOP_REDIRECT_URI='https://localhost:3000/callback' node src/auth.js If you need to do it from a phone/remote device: WHOOP_REDIRECT_URI='https://localhost:3000/callback' node src/auth.js --manual Note: for localhost HTTPS, the script generates a self-signed cert and your browser will show a TLS warning. You must proceed past the warning so the redirect can complete.
4. Verify It Works
node src/verify.js node src/summary.js
Browser shows NotAuthorizedException before the login page
This is a WHOOP-side block on browser User-Agents hitting api.prod.whoop.com OAuth endpoints. Use the updated node src/auth.js which bootstraps the login URL and sends your browser directly to id.whoop.com. If you still see it, try node src/auth.js --manual and open the printed URL.
"redirect_uri not whitelisted"
Go to https://developer.whoop.com/ Edit your app Ensure this EXACT URI is in Redirect URIs: https://oauth.pstmn.io/v1/browser-callback If you're using auth.js locally, also add: https://localhost:3000/callback Save and try again
Token Expired
Tokens auto-refresh on demand (no cron needed). If issues persist: rm ~/.clawdbot/whoop/token.json node src/auth.js
"Authorization was not valid"
This usually means your access token is stale/invalidated (common if you re-auth or refresh tokens elsewhere; WHOOP refresh tokens rotate). Re-run node src/auth.js, or Copy the latest access_token + refresh_token from Postman into ~/.clawdbot/whoop/token.json and update obtained_at.
Auth from Phone/Remote Device
Use manual mode: node src/auth.js --manual Open the URL on any device, authorize, then copy the code from the callback URL.
error=request_forbidden / "The request is not allowed"
This is WHOOP rejecting the authorization request after login/consent. Common causes: Redirect URI policy (WHOOP docs only mention https:// or whoop:// redirect URIs) App/account restrictions (membership/approval/test-user restrictions) Scope restrictions (try requesting fewer scopes) If you suspect redirect URI policy, use an HTTPS tunnel: # 1) Get a public HTTPS URL that forwards to localhost:3000 (example) ngrok http 3000 # 2) Add the ngrok HTTPS URL + /callback to WHOOP dashboard Redirect URIs, then run: WHOOP_REDIRECT_URI=https://YOUR-NGROK-DOMAIN.ngrok-free.app/callback node src/auth.js If you suspect scope restrictions, try a minimal scope set: WHOOP_SCOPES="read:profile" node src/auth.js
If your WHOOP Redirect URL is https://localhost:3000/callback
This changes how the local callback server must run: it must be HTTPS (not HTTP). The script supports this. Run: WHOOP_REDIRECT_URI=https://localhost:3000/callback node src/auth.js It will generate a self-signed cert locally and your browser will likely show a warning for https://localhost. Proceed past the warning so the redirect can complete.
JSON Output (for tooling)
These commands support: --json (single JSON blob) --jsonl (one JSON object per line; useful for piping) --limit N (where supported) Time filters (where supported): --days N, --since 7d / 12h, --start ISO, --end ISO node src/summary.js --json node src/recovery.js --json --limit 1 node src/sleep.js --json --limit 1 node src/strain.js --json --limit 1 node src/workouts.js --json --limit 1 # Examples with filters node src/sleep.js --json --days 7 node src/workouts.js --jsonl --since 30d node src/recovery.js --json --start 2026-01-01T00:00:00Z --end 2026-02-01T00:00:00Z
API Notes
Uses WHOOP Developer API v2 OAuth 2.0 authentication with refresh tokens Scopes: offline, read:recovery, read:sleep, read:workout, read:cycles, read:profile Token auto-refreshes when expired
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Scripts2 Config1 Docs
- SKILL.md
- src/auth.js
- src/import-historical.js
- src/recovery.js
- credentials.example.json
- package.json