Nori Health
Review
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent health-coaching relay, but it sends health-related messages to Nori using a Nori API key and the registry does not fully declare those requirements.
Install or use this only if you intend Nori to receive your health-related prompts and use your connected wearable, nutrition, workout, weight, and lab data for coaching. Keep the Nori API key private, review Nori's privacy practices, and do not rely on this skill for medical diagnosis, prescriptions, or emergencies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your health questions and related Nori account context may be processed by Nori's service.
The skill sends health-related user messages to an external provider that may use connected personal health data. This is expected for the skill, but it is sensitive.
Send health questions to Nori and return the response. Nori analyzes data from wearables ... meals, workouts, weight, and lab results.
Use the skill only if you are comfortable with Nori receiving these health prompts and connected health context; review Nori's privacy and data-retention practices.
Anyone with the API key may be able to access the Nori integration under your account's permissions.
The integration uses a bearer API key for the user's Nori account. This is purpose-aligned, but the key is sensitive account authority.
export NORI_API_KEY="nori_your_key_here" ... -H "Authorization: Bearer $NORI_API_KEY"
Keep the API key secret, store it only in trusted configuration, and revoke or rotate it from the Nori app if exposed.
An install or review UI may not clearly warn that the skill needs curl, jq, and a Nori API key.
The registry-level requirement declarations do not match the skill's own stated dependency and credential needs.
Registry: "Required env vars: none" and "Primary credential: none"; SKILL.md: "requires":{"env":["NORI_API_KEY"],"bins":["curl","jq"]}
The publisher should align registry metadata with SKILL.md so users see the credential and binary requirements before use.
Health-coaching responses from Nori may be shown directly as plain text.
The skill makes the external provider's reply the direct user-facing output. This is consistent with a relay skill, but it reduces agent-side interpretation or cautionary framing.
Return Nori's reply verbatim. Do not reformat, summarize, or add commentary.
Do not use this for diagnosis, prescriptions, or emergencies; follow the skill's own guidance to seek medical or emergency help when appropriate.
