Skill v1.0.0
ClawScan security
Health Data · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 6:36 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose of locally parsing Apple Health exports; nothing in the bundle tries to exfiltrate data or access unrelated systems, though the registry metadata doesn't list the required CLI dependencies.
- Guidance: This skill appears to do what it says: parse Apple Health export XML locally. Before installing or running it:
  1. Ensure your environment has xmlstarlet, jq, and unzip installed (the registry metadata should be updated to list these).
  2. Only run the script on exports you control. Health exports contain PHI/PII; do not upload the zip or paste raw XML or derived records to cloud services without consent.
  3. When using --out, choose a safe path: the script creates the file with 600 permissions, but avoid shared folders and symlink targets.
  4. Review the bundled health-data.sh yourself (it is short and readable) and test with a non-sensitive sample export first.
  If you need the skill to run autonomously, consider the operational risk that it will process PHI whenever invoked, and ensure appropriate policy and consent are in place.
Review Dimensions
- Purpose & Capability
- note: The name/description and the included health-data.sh script are coherent: the script parses Apple Health export XML and summarizes or emits JSON. One small mismatch: the registry lists no required binaries, but both SKILL.md and the script clearly require xmlstarlet, jq, and unzip. This is an administrative/metadata discrepancy (not evidence of malicious behavior) and should be corrected so installers know to provide these tools.
- Instruction Scope
- ok: SKILL.md instructs the agent to operate locally on an export.zip or exported folder, warns about PHI/PII, and explicitly tells the user not to upload or publish raw exports. The script only reads the specified export path, extracts export.xml to a temporary file (via mktemp + unzip -p), processes it with xmlstarlet/jq, and cleans up on EXIT. It does not read other system files or environment variables, and it makes no network calls. Minor operational note: writing an --out file will truncate or create the target (and if that path is a symlink, a write through it lands wherever the link points); users should avoid pointing --out at shared directories, symlinks, or sensitive locations without verifying ownership and permissions first.
- Install Mechanism
- ok: There is no install spec (instruction-only plus a bundled shell script). Nothing is downloaded or installed by the skill itself, which keeps install risk low. The only runtime requirement is that the local environment has xmlstarlet, jq, and unzip available.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. The script only accesses the user-supplied export path and an optional output path; this is proportional to its purpose. No secrets or unrelated credentials are requested.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not modify persistent agent configuration or other skills. Temporary files are cleaned up via a trap on EXIT. The only possible persistence is an explicit --out file the user asks the script to create (the script intentionally enforces 600 permissions).
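The temp-file cleanup and --out handling that the Guidance, Instruction Scope and Persistence notes above credit to health-data.sh, written out as an added example. This is not the skill's own script and not ClawHub code. It assumes bash, assumes that Apple's export.zip stores the XML at apple_health_export/export.xml, and uses a grep/sed count in place of the xmlstarlet/jq pipeline so it runs without those tools; the function names, the sample records and the "type count" output format are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example of the hardening pattern the review describes; NOT the
# skill's health-data.sh. Assumptions: bash; Apple's export.zip stores the
# XML at apple_health_export/export.xml; grep/sed stand in for xmlstarlet/jq.
set -euo pipefail

# Constructed sample of an Apple Health export.xml (three Record rows).
SAMPLE_XML='<?xml version="1.0" encoding="UTF-8"?>
<HealthData locale="en_US">
 <Record type="HKQuantityTypeIdentifierStepCount" value="512" unit="count"/>
 <Record type="HKQuantityTypeIdentifierStepCount" value="1024" unit="count"/>
 <Record type="HKQuantityTypeIdentifierHeartRate" value="72" unit="count/min"/>
</HealthData>'

EXPORT_TMP=""   # set by extract_export; removed by the EXIT trap

# Copy export.xml into a private temp file (mktemp creates it 0600) and
# register cleanup on EXIT so the PHI does not linger in $TMPDIR after the
# run, including after a failure. Sets EXPORT_TMP instead of echoing the
# path: a $(...) call would run the trap in the subshell and delete the
# file before the caller could read it.
extract_export() {  # $1 = export.zip, or a folder that contains export.xml
  local src=$1
  EXPORT_TMP=$(mktemp "${TMPDIR:-/tmp}/health.XXXXXX")
  trap 'rm -f "$EXPORT_TMP"' EXIT
  if [ -d "$src" ]; then
    cat -- "$src/export.xml" >"$EXPORT_TMP"
  else
    unzip -p "$src" apple_health_export/export.xml >"$EXPORT_TMP"
  fi
}

# Count Record elements per type, printed as "<type> <count>". A portable
# stand-in for the script's xmlstarlet/jq pipeline so the example runs offline.
summarize_records() {  # $1 = path to export.xml
  grep -o 'type="[^"]*"' "$1" | sed 's/^type="\(.*\)"$/\1/' \
    | sort | uniq -c | awk '{ print $2, $1 }'
}

# Write stdin to the --out path with mode 0600. Refuses a symlink (the write
# would otherwise land wherever it points) and any existing target that is
# not a regular file owned by the caller, which catches most shared-folder
# mistakes. The check-then-open is still a small TOCTOU window, so keep
# --out inside a directory only you can write to.
safe_out_write() {  # $1 = output path; content comes from stdin
  local out=$1
  if [ -L "$out" ]; then
    printf 'refusing --out: %s is a symlink\n' "$out" >&2
    return 1
  fi
  if [ -e "$out" ] && { [ ! -f "$out" ] || [ ! -O "$out" ]; }; then
    printf 'refusing --out: %s is not a regular file you own\n' "$out" >&2
    return 1
  fi
  # umask in a subshell so the caller's umask is untouched; chmod covers an
  # existing file that was created more permissively.
  ( umask 077; cat >"$out" ) && chmod 600 "$out"
}

main() {  # usage: ./example.sh <export.zip|folder> [--out FILE]
  local src=$1 out=""
  [ "${2:-}" = "--out" ] && out=${3:?--out needs a path}
  extract_export "$src"
  if [ -n "$out" ]; then
    summarize_records "$EXPORT_TMP" | safe_out_write "$out"
  else
    summarize_records "$EXPORT_TMP"
  fi
}

# Run only when invoked with arguments; sourcing the file just defines
# the functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run as `./example.sh ~/Downloads/export.zip --out ~/private/summary.txt`. The refusal on symlinks is deliberately stricter than the truncate-or-create behaviour the review describes: replacing a symlink at the target is the other safe option, but silently writing through one is the case the Guidance warns about.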
