whoop
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts for authentication and data retrieval from the vendor-specific directory /home/node/thinkfleet/skills/whoop/bin/.
- [CREDENTIALS_UNSAFE]: To enable the integration, the skill instructs users to store sensitive API credentials and refresh tokens within a local environment configuration file at ~/.thinkfleet/.env.
- [SAFE]: All external network activity is restricted to the official WHOOP production API (api.prod.whoop.com), which is the standard and expected service for this integration.
Audit Metadata