Apple Health MCP
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: apple-health-mcp Version: 0.1.0 The skill bundle provides instructions for an AI agent to set up and use an MCP server for analyzing local Apple Health exports. It utilizes the 'apple-health-mcp-unofficial' package via npx and includes explicit safety guidelines regarding local-first privacy and the avoidance of secret exposure. No indicators of malicious intent, data exfiltration, or harmful prompt injection were found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup will execute code from the referenced package on the user's machine.
The setup path relies on an external npm package run through npx, and the reviewed artifact set contains only instructions, not the package code. This is purpose-aligned setup behavior, but the executable provenance is not reviewed here.
`npx -y apple-health-mcp-unofficial setup --export-path /path/to/export.zip`
Verify the npm package and linked repository before running it; consider pinning a trusted version instead of relying on the latest package.
The connected agent may be able to inspect and summarize personal health, activity, sleep, and workout history from the provided export.
The skill is explicitly designed to make private health information available to an agent as working context. This is disclosed and purpose-aligned, but health data is highly sensitive.
Read a local Apple Health export and expose activity, sleep, heart, HRV, workouts, and long-term trends to agents.
Use only an export you intend to share with the MCP client, keep transcripts private, and run the listed privacy-audit/status surfaces before asking broad health questions.