Apple Health MCP

Advisory

Audited by Static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the setup will execute code from the referenced package on the user's machine.

Why it was flagged

The setup path relies on an external npm package run through npx, and the reviewed artifact set contains only instructions, not the package code. This is purpose-aligned setup behavior, but the executable provenance is not reviewed here.

Skill content

`npx -y apple-health-mcp-unofficial setup --export-path /path/to/export.zip`

Recommendation

Verify the npm package and linked repository before running it; consider pinning a trusted version instead of relying on the latest package.

What this means

The connected agent may be able to inspect and summarize personal health, activity, sleep, and workout history from the provided export.

Why it was flagged

The skill is explicitly designed to make private health information available to an agent as working context. This is disclosed and purpose-aligned, but health data is highly sensitive.

Skill content

Read a local Apple Health export and expose activity, sleep, heart, HRV, workouts, and long-term trends to agents.

Recommendation

Use only an export you intend to share with the MCP client, keep transcripts private, and run the listed privacy-audit/status surfaces before asking broad health questions.