ClawHub

HealthKit Sync

v1.0.0

iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging.

12· 3.4k·27 current·27 all-time
by@mneves75
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes exactly a healthsync CLI helper (pairing, fetch commands, Keychain usage, config path). However, the registry metadata lists no required binaries even though the instructions assume a healthsync CLI is installed (~/.healthsync/config.json and commands like `healthsync fetch`). The lack of a declared required binary is a minor inconsistency.
Instruction Scope
Instructions are limited to local pairing, using the healthsync CLI, reading/writing a config at ~/.healthsync/config.json, and storing tokens in the macOS Keychain. There are no instructions to read unrelated system files, environment variables, or to transmit data to external servers beyond the local network.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is the lowest-risk installation profile. Nothing in the skill attempts to download or install third-party code.
Credentials
The skill requests no environment variables or credentials in metadata. It documents Keychain usage for tokens (appropriate for this purpose) and a config path. There are no unexplained or excessive credential requests.
Persistence & Privilege
The skill does not set always:true (good). It also does not set disableModelInvocation, so the model could invoke the skill autonomously — this is common but worth noting if you want to restrict automatic use.
Assessment
This skill appears to be a straightforward CLI reference for a local HealthKit sync tool and is internally consistent with that purpose. Before installing/using it: (1) confirm you have the official 'healthsync' CLI from a trusted source and that the skill's documentation matches the installed binary (the skill metadata does not declare the healthsync binary dependency); (2) verify any QR codes or pairing codes come from your trusted iOS device before scanning; (3) ensure ~/.healthsync/config.json is permissioned 0600 and that tokens are stored only in the macOS Keychain as described; (4) if you want to prevent autonomous use, consider enabling a policy that disables model-driven invocation of skills or require explicit user invocation. If you need higher assurance, ask the publisher for the project's homepage or source code and verify release signatures or checksums.

Like a lobster shell, security has layers — review code before you run it.

healthvk97113ehj12xwxe1t6gbs6ak217yv93rhealthkitvk97113ehj12xwxe1t6gbs6ak217yv93riosvk97113ehj12xwxe1t6gbs6ak217yv93rlatestvk97113ehj12xwxe1t6gbs6ak217yv93rmacosvk97113ehj12xwxe1t6gbs6ak217yv93r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments