Apple Watch Health Sync
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is aligned with Apple Watch health syncing, but it sets up a persistent local health-data server with elevated/forceful system actions that should be reviewed first.
Review setup.py before running it. Only install if you are comfortable running a persistent local server for Apple Health data; avoid elevated startup privileges, do not force-kill unknown processes, keep the API key private, restrict metrics to what you need, and make sure you know how to stop the service and delete stored data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local server handling health data may keep running after setup or after you stop using the agent.
The skill requires an at-login background service that is kept alive and continues operating after the agent session.
The server MUST run independently of any agent session... Register-ScheduledTask -TaskName "HealthSyncServer"... -RunLevel Highest... <key>KeepAlive</key><true/>
Only enable persistence with explicit approval; provide and use clear stop, disable, and uninstall steps; run it as a normal user where possible.
If the server or its dependencies are compromised, elevated execution can increase the damage beyond the skill's stated purpose.
The Windows setup asks for highest run level without showing why elevated privilege is needed for a local Flask health-sync server.
Register-ScheduledTask -TaskName "HealthSyncServer" -Action $action -Trigger $trigger -RunLevel Highest -Force
Run the service under the normal user account unless a specific, reviewed admin-only requirement exists.
This could stop another local application or service without the user understanding what was killed.
The instructions tell the agent to forcefully terminate any process using the port, which could be unrelated to this skill.
Before starting, kill anything already on port 3001... Stop-Process -Id $_ -Force ... lsof -ti:3001 | xargs kill -9
Identify the process first, ask for user approval, and prefer changing ports over force-killing unknown processes.
Running setup may pull changing third-party code into the environment and may bypass network controls the user expected to apply.
Setup installs an unpinned Python package and fetches an unpinned GitHub branch, while explicitly removing proxy configuration for those network operations.
subprocess.check_call([sys.executable, "-m", "pip", "install", "flask"]) ... REPO_ZIP = "https://github.com/HealthyApps/health-auto-export-server/archive/refs/heads/main.zip" ... env.pop(k, None) ... ProxyHandler({})
Pin dependencies and commit hashes, avoid bypassing proxy settings, and disclose all network downloads in the install metadata.
The local skill directory can accumulate sensitive health history that may be readable by other local users or backups.
The skill is designed to collect broad health categories and store received records as local JSONL files.
"Health Metrics (all)" ... "Sleep Analysis" ... "Blood Oxygen Saturation" ... "Blood Pressure" ... "Blood Glucose" ... filepath = category_dir / f"{name}.jsonl"
Choose the minimum needed metrics, protect the data directory, and define retention/deletion steps for stored health data.
Anyone who obtains the API key and can reach the service could interact with the health data API.
The generated local web API allows cross-origin requests and relies on a shared API key for access to health data endpoints.
response.headers["Access-Control-Allow-Origin"] = "*" ... response.headers["Access-Control-Allow-Headers"] = "Content-Type, api-key" ... return request.headers.get("api-key", "") == get_api_key()
Use trusted networks only, keep the API key private, rotate it if exposed, and consider firewall or HTTPS protections for LAN use.
