pp-whoop

SUSPICIOUS: the stated purpose is a WHOOP CLI wrapper, but it depends on an externally installed CLI whose official provenance is not established here, then feeds it WHOOP tokens and sensitive health/profile data. Arbitrary webhook delivery and MCP installation further broaden trust and exfiltration surface beyond a narrowly scoped API skill.