Health Guardian
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears local and purpose-aligned, but it handles sensitive health data and its promised proactive alerting does not match the included implementation, so it needs careful review before relying on it.
Install only if you are comfortable with local processing of sensitive Apple Health data. Before using it for caregiving, test the import and analysis scripts end-to-end, fix the vitals.json/readings.json mismatch, protect the data directory, and do not rely on it as a medical alert system without independent validation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A caregiver or agent could over-rely on the skill and miss health anomalies because the documented import/analyze/alert path may not work as described.
This high-reliance health-safety claim is not matched by the included scripts: the importer writes vitals.json, the analyzer reads readings.json, no Telegram/caregiver notification implementation is present, and a referenced summary script is missing. Users could believe an end-to-end alerting workflow exists when it may not.
Proactive health intelligence for AI agents. Track vitals, detect patterns, alert on anomalies.
Treat this as experimental until you test the full workflow with sample data, fix the data-file mismatch, and either implement or remove claims about proactive external alerts.
Anyone with access to the skill directory could potentially read private health history and inferred baselines.
The skill intentionally persists longitudinal health records. This is expected for health monitoring and no exfiltration is shown, but the data is sensitive and may be reused by future agent runs.
All data stays local in `data/`: - `readings.json` — raw metric values with timestamps - `baselines.json` — calculated normal ranges per metric
Store the data directory in a protected location, confirm the human consents to monitoring, and add clear retention/deletion practices.
The agent may continue processing health data on a schedule after setup until the cron entry is removed.
The skill recommends recurring hourly agent activity. It is disclosed and user-configured, but it creates ongoing autonomous monitoring behavior.
"schedule": { "kind": "cron", "expr": "0 * * * *" }, "payload": { "kind": "systemEvent", "text": "Run health import and check for anomalies" }Only add the cron entry if you want continuous monitoring, and document how to pause or remove it.
A documented command may fail or require an unreviewed external file if the user tries to obtain it elsewhere.
The provided manifest and file contents do not include scripts/summary.py. This is a packaging/completeness gap rather than evidence of malicious behavior.
### `scripts/summary.py` Generates human-readable health summary.
Use only the included scripts unless you independently review any missing or replacement files.