ClawHub

Apple Health Sync

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive Apple Health data, but the artifacts disclose that behavior and keep it tied to onboarding, encrypted sync, local storage, summaries, and device unlinking.

Install only on a trusted machine and treat ~/.apple-health-sync as sensitive because it can contain private keys and health-derived records. Be careful with backups, shared accounts, screen sharing, and the --save option, since saved summaries may expose personal health information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs sensitive operations including shell execution, local file read/write, persistent state handling, and network interactions, yet declares no permissions. This creates a transparency and consent gap: a user or platform may authorize the skill based on an incomplete trust model while it handles keys and health data locally and communicates externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description says the skill syncs encrypted Apple Health data, but the documented behavior is materially broader: it generates and stores cryptographic keys, creates onboarding artifacts, unlinks devices, persists health data in local databases/files, and produces summaries. This mismatch can mislead users and reviewers about the sensitivity and scope of processing, increasing the risk of overbroad trust and under-informed consent for medical data handling.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script can persist derived Apple Health summaries to an arbitrary file via --save without any warning, consent check, or protective handling, even though the output includes sensitive health-related metrics and record identifiers. In this skill’s context, the data is explicitly Apple Health data, so silently writing summaries to disk increases the chance of unintended long-term local exposure through backups, shared machines, weak filesystem permissions, or later exfiltration by other processes.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
Legacy challenge signing writes challenge material and signatures to named temporary files on disk, which can increase exposure of sensitive data to other local processes, backups, or forensic recovery. In a health-data sync context, even ancillary authentication material should be handled in memory where possible, especially on shared or weakly isolated systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Legacy RSA decryption writes encrypted input and decrypted plaintext chunks to temporary files, creating a local confidentiality risk because plaintext may be recoverable from disk, temporary storage, backups, or endpoint monitoring. In the Apple Health sync context, decrypted content may contain sensitive health data, making disk exposure significantly more dangerous than in a generic non-sensitive application.

Session Persistence

Medium
Category
Rogue Agent
Content
After skill installation, propose to start with the initialization of the skill and onboarding of the iOS app.

Steps to create an end-to-end encrypted OpenClaw <> iOS Apple Health workflow:

1. Initialize local runtime, keys, and onboarding payload.
2. Offer the user onboarding transport options: QR Code or Hex.
Confidence
80% confidence
Finding
create an end-to-end encrypted OpenClaw <> iOS Apple Health workflow: 1. Initialize local runtime, keys, and onboarding payload. 2. Offer the user onboarding transport options: QR Code or Hex. 3. Pre

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal