Samsung Health
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for analyzing Samsung Health backups, but users should notice that it handles sensitive health data through Google Drive and asks them to install external GitHub code.
This appears to be a purpose-aligned Samsung Health analysis skill. Before installing, make sure you trust the GitHub repository, understand the Google Drive permissions used by gog, and are comfortable with sensitive health data being downloaded and summarized in your local workspace.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill could run third-party Python package code on the user's machine.
The skill directs installation of code from an external GitHub repository, but the reviewed artifact set only includes SKILL.md. This is purpose-aligned for a CLI skill, yet users must trust code that was not included in this review.
git clone https://github.com/mudgesbot/samsung-health-skill.git ... pip install -e .
Inspect the GitHub repository before installing, use a virtual environment as documented, and only install from the expected repository.
The tool can use the configured Google Drive access path to retrieve the health backup file.
The skill relies on a Google Drive account and folder ID to access the Samsung Health backup. This is expected for the stated purpose, but it is still account-linked access to private data.
`gog` CLI for Google Drive access ... account: "your.email@gmail.com" ... folder_id: "YOUR_FOLDER_ID"
Use the intended Google account, keep the folder ID limited to the health backup location, and review gog permissions before use.
Sleep, activity, heart rate, SpO2, workout, and daily health information may be processed and displayed.
The skill downloads and analyzes sensitive health records and can produce summaries or JSON output. This handling is central to the skill, but users should understand that private health context may enter local files and agent-visible outputs.
Analyze health data ... sleep analysis, step counting, heart rate monitoring, SpO2 ... `shealth sync # Download latest from Google Drive`
Only run it in a trusted workspace, avoid sharing generated reports unintentionally, and remove local synced data if it is no longer needed.