Health Guardian

Review

Audited by ClawScan on May 10, 2026.

Overview

Health Guardian appears purpose-built for local health monitoring, but it needs review because it handles highly sensitive Apple Health data and its no-cloud privacy wording conflicts with its iCloud-sync setup.

Install only if you are comfortable giving the agent ongoing access to Apple Health exports. Confirm iCloud sync settings, where the local data directory is stored, who can read it, and how to disable the cron/heartbeat monitoring. Do not treat the skill as a substitute for medical or emergency care.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Personal health metrics may remain on disk and be reused by the agent over time.

Why it was flagged

The importer persists raw health readings under the skill's local data directory. This is expected for the health-monitoring purpose, but it creates a stored health-history dataset that other local processes or future agent tasks could access.

Skill content

SKILL_DATA_PATH = Path(__file__).parent.parent / "data"
...
vitals_path = SKILL_DATA_PATH / "vitals.json"
...
existing["readings"].append(r)

Recommendation

Review the data directory permissions, retention expectations, and backup/cloud-sync behavior before enabling the skill.

What this means

A user may believe the whole workflow is strictly local even though the documented export flow uses iCloud Drive.

Why it was flagged

The setup explicitly relies on iCloud Drive sync, while the privacy section says 'Nothing leaves your machine' and 'No cloud.' For sensitive health data, that wording could mislead users about where data is stored or transmitted.

Skill content

Configure: JSON format, iCloud Drive sync, hourly export
...
**Privacy:** Nothing leaves your machine. No cloud. No telemetry.

Recommendation

Clarify that Health Auto Export/iCloud sync may place health data in Apple iCloud, and separately state whether the skill itself sends data to any third-party service.

Note: High Confidence

ASI10: Rogue Agents

What this means

The agent may continue importing and checking health data on a schedule after initial setup.

Why it was flagged

The skill asks the user to set up recurring hourly monitoring and heartbeat checks. This persistence is disclosed and aligned with proactive health monitoring, but it is still ongoing autonomous behavior.

Skill content

"schedule": { "kind": "cron", "expr": "0 * * * *" },
"payload": { "kind": "systemEvent", "text": "Run health import and check for anomalies" }
...
Add to Heartbeat

Recommendation

Enable the cron and heartbeat entries only if continuous monitoring is desired, and document how to disable them.