healthsync
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent read-only Apple Health query skill, but it handles very sensitive health data and asks users to install an external, unpinned CLI tool.
Install this only if you trust the external healthsync CLI and are comfortable letting your agent query your Apple Health export. Keep queries narrow, avoid unnecessary CSV/JSON dumps, and remember that health data shown in chat may be stored in conversation history or logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may read and display private health metrics, sleep history, workouts, and body measurements.
The skill is designed to retrieve detailed personal health records into the agent’s working context. This is purpose-aligned, but the data is sensitive.
Queries Apple Health data stored in a local SQLite database... read heart rate, steps, SpO2, VO2 Max, sleep, workouts...
Use the skill only for specific health-data questions, limit date ranges and output size, and avoid sharing resulting chats or logs if they contain health information.
Installing the external binary can run code from outside this skill package on your machine.
The setup instructions rely on an external installer script or an unpinned latest Go package. This is common for CLI tools and user-directed, but the code is not included in the reviewed artifacts.
curl -fsSL https://healthsync.sidv.dev/install | bash
# Or via Go
go install github.com/BRO3886/healthsync@latest
Review or verify the upstream project and installer before running it; prefer pinned versions or checksums when available.
A careless or incorrect query could expose more health data than intended in the conversation.
The skill permits direct SQLite queries, which is powerful, but it explicitly scopes usage to read-only health-data analysis.
Use direct SQLite for complex aggregations, joins, or custom SQL... READ ONLY — You must NEVER write to the database.
Ask for narrow queries, confirm date ranges and fields before large exports, and keep the read-only constraint in place.
