HealthKit Sync

Pass. Audited by ClawScan on May 1, 2026.

Overview

HealthKit Sync is a documentation-only guide for a HealthSync CLI, with sensitive health-data and pairing-token workflows clearly disclosed.

This skill appears coherent and documentation-only. Before using it, verify the healthsync CLI source, pair only devices you control, keep exported health CSV/JSON files private, and remove the local config or Keychain token if you want to revoke access.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the example commands can create files containing private health data.

Why it was flagged

The skill gives user-directed CLI examples that can export health data to a local file; this is expected for the sync purpose but the output is sensitive.

Skill content

healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z \
  --types steps > steps.csv

Recommendation

Run fetch commands only for the date ranges and data types you need, and store or share exported CSV/JSON files carefully.

What this means

A paired Mac may continue to access permitted HealthKit data until the token is removed or expires according to the underlying app behavior.

Why it was flagged

The pairing workflow creates a bearer token for future access to the paired iOS device; the storage location is disclosed and purpose-aligned.

Skill content

Token stored in macOS Keychain under service `org.mvneves.healthsync.cli`.

Recommendation

Pair only trusted devices, keep the Mac account protected, and remove the HealthSync config/Keychain item if you no longer want the pairing.

What this means

Users cannot verify the referenced project or CLI source directly from the registry metadata.

Why it was flagged

The skill package is instruction-only and does not install code, but the registry metadata does not provide provenance for the skill or the external CLI it documents.

Skill content

Source: unknown
Homepage: none

Recommendation

Install or run the healthsync CLI only from a source you trust, and confirm it matches the documented security behavior.

What this means

Private health samples may move from the phone into terminal output or files on the Mac.

Why it was flagged

The documented workflow transfers HealthKit samples from the iOS app to the macOS CLI over a device-to-device channel; the same artifacts describe TLS, certificate pinning, and local-network limits.

Skill content

Health Data Fetch ... POST /health/data ... Query HealthKit ... Return samples ... Format as CSV/JSON

Recommendation

Use trusted local networks, verify pairing prompts, and avoid sending exported health data to chats, logs, or shared folders unless intended.