Wellness Hub
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Connecting providers may let source integrations access sleep, activity, vitals, body metrics, or workout data.
The skill expects users to authorize health services or device aggregators, which is normal for the wellness purpose but grants access to sensitive account/device data.
Guides users to add data sources via official personal OAuth/API keys (Tier 1) or via phone OS health aggregators like Apple Health / Android Health Connect (Tier 2).
Authorize only the sources you trust, use the minimum scopes offered by each provider, and review each installed source skill separately.

Installing source skills can expand what the agent can access or do, especially if those integrations request credentials or account permissions.
The hub delegates actual provider connections to other ClawHub skills. That is purpose-aligned, but those separate skills are not reviewed in these artifacts.
Install the source skill(s) (via `clawhub install <slug>`), then run the source skill’s connect/fetch workflow.
Approve each source-skill install explicitly and review its metadata, permissions, and credential handling before connecting health accounts.

Anyone who gets the tunnel URL and token could submit data to the bridge and potentially pollute wellness summaries.
The phone-to-bridge workflow exposes a local health-data ingest endpoint through a public tunnel, protected by a bearer token.
The bridge is a small local HTTP server running on your OpenClaw machine. A tunnel (Cloudflare Tunnel or ngrok) exposes it as a public HTTPS URL.
Keep the tunnel URL and token private, rotate the token if exposed, and stop the tunnel/server when not syncing.

Sensitive wellness data remains on disk and may later be included in digests or agent context.
The bridge persistently stores complete health payloads, including any optional fields the phone exporter sends.
The bridge will store the full JSON as-is.
Store the bridge directory somewhere private, periodically delete old payloads if you do not need them, and avoid sending freeform notes or unnecessary health fields.

If scheduled, the workflow may continue processing health data after the initial setup.
The skill supports scheduled recurring digest generation, which is expected for daily wellness summaries but creates ongoing activity if enabled.
Render a digest and optionally schedule it via cron
Only enable scheduling if you want recurring digests, and document how to disable the cron job or phone automation later.
