OpenClaw logo
OpenClaw Skills
skills$openclaw/healthkit-sync
mneves757.6k

by mneves75

healthkit-sync – OpenClaw Skill

healthkit-sync is an OpenClaw Skills integration for security workflows. iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging.

7.6k stars4.2k forksSecurity L1
Updated Feb 7, 2026Created Feb 7, 2026security

Skill Snapshot

namehealthkit-sync
descriptioniOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging. OpenClaw Skills integration.
ownermneves75
repositorymneves75/healthkit-sync
languageMarkdown
licenseMIT
topics
securityL1
installopenclaw add @mneves75/healthkit-sync
last updatedFeb 7, 2026

Maintainer

mneves75

mneves75

Maintains healthkit-sync in the OpenClaw Skills directory.

View GitHub profile
File Explorer
7 files
.
references
ARCHITECTURE.md
6.3 KB
CLI-REFERENCE.md
3.9 KB
SECURITY.md
4.8 KB
_meta.json
282 B
SKILL.md
4.5 KB
TESTING.md
5.7 KB
SKILL.md

name: healthkit-sync description: iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging. license: Apache-2.0 compatibility: macOS with healthsync CLI installed (~/.healthsync/config.json) metadata: category: development platforms: ios,macos author: mneves

HealthKit Sync CLI

Securely sync Apple HealthKit data from iPhone to Mac over local network using mTLS.

When to Use This Skill

  • User asks about syncing health data from iPhone
  • User mentions healthsync CLI commands
  • User wants to fetch steps, heart rate, sleep, or workout data
  • User needs to pair a Mac with an iOS device
  • User asks about the iOS Health Sync project architecture
  • User mentions certificate pinning or mTLS patterns

CLI Quick Reference

Pairing Flow (First Time)

# 1. Discover devices on local network
healthsync discover

# 2. On iOS app: tap "Share" to generate QR code, then "Copy"
# 3. Scan QR from clipboard (Universal Clipboard)
healthsync scan

# Alternative: scan from image file
healthsync scan --file ~/Desktop/qr.png

Fetching Health Data

# Check connection status
healthsync status

# List enabled data types
healthsync types

# Fetch data as CSV (default)
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z --types steps

# Fetch multiple types as JSON
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z \
  --types steps,heartRate,sleepAnalysis --format json | jq

# Pipe to file
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z \
  --types steps > steps.csv

Available Health Data Types

Activity: steps, distanceWalkingRunning, distanceCycling, activeEnergyBurned, basalEnergyBurned, exerciseTime, standHours, flightsClimbed, workouts

Heart: heartRate, restingHeartRate, walkingHeartRateAverage, heartRateVariability

Vitals: bloodPressureSystolic, bloodPressureDiastolic, bloodOxygen, respiratoryRate, bodyTemperature, vo2Max

Sleep: sleepAnalysis, sleepInBed, sleepAsleep, sleepAwake, sleepREM, sleepCore, sleepDeep

Body: weight, height, bodyMassIndex, bodyFatPercentage, leanBodyMass

Configuration

Config stored at ~/.healthsync/config.json (permissions: 0600):

{
  "host": "192.168.1.x",
  "port": 8443,
  "fingerprint": "sha256-certificate-fingerprint"
}

Token stored in macOS Keychain under service org.mvneves.healthsync.cli.

Security Architecture

Certificate Pinning

The CLI validates server certificates by SHA256 fingerprint (TOFU model):

  1. First pairing stores fingerprint from QR code
  2. Subsequent connections verify fingerprint matches
  3. Mismatch = connection rejected (MITM protection)

Local Network Only

Host validation restricts connections to:

  • localhost, *.local domains
  • Private IPv4: 192.168.*, 10.*, 172.16-31.*
  • IPv6 loopback: ::1, link-local: fe80::

Keychain Storage

Tokens never stored in config file - always in Keychain with:

  • kSecAttrAccessibleWhenUnlocked protection class
  • Service: org.mvneves.healthsync.cli
  • Account: token-{host}

Project Structure

ai-health-sync-ios-clawdbot/
├── iOS Health Sync App/          # Swift 6 iOS app
│   ├── Services/Security/        # CertificateService, KeychainStore, PairingService
│   ├── Services/HealthKit/       # HealthKitService, HealthSampleMapper
│   ├── Services/Network/         # NetworkServer (TLS), HTTPTypes
│   └── Services/Audit/           # AuditService (SwiftData)
└── macOS/HealthSyncCLI/          # Swift Package CLI

Troubleshooting

"No devices found":

  • Ensure iOS app is running with sharing enabled
  • Both devices must be on same Wi-Fi network
  • Check firewall isn't blocking mDNS (port 5353)

"Pairing code expired":

  • Generate new QR code on iOS app (codes expire in 5 minutes)

"Certificate mismatch":

  • Delete ~/.healthsync/config.json and re-pair
  • Server certificate may have been regenerated

"Connection refused":

  • iOS app server may not be running
  • Run healthsync status --dry-run to test without connecting

See Also

README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

### Certificate Pinning The CLI validates server certificates by SHA256 fingerprint (TOFU model): 1. First pairing stores fingerprint from QR code 2. Subsequent connections verify fingerprint matches 3. Mismatch = connection rejected (MITM protection) ### Local Network Only Host validation restricts connections to: - `localhost`, `*.local` domains - Private IPv4: `192.168.*`, `10.*`, `172.16-31.*` - IPv6 loopback: `::1`, link-local: `fe80::` ### Keychain Storage Tokens never stored in config file - always in Keychain with: - `kSecAttrAccessibleWhenUnlocked` protection class - Service: `org.mvneves.healthsync.cli` - Account: `token-{host}`

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

Configuration

Config stored at `~/.healthsync/config.json` (permissions: 0600): ```json { "host": "192.168.1.x", "port": 8443, "fingerprint": "sha256-certificate-fingerprint" } ``` Token stored in macOS Keychain under service `org.mvneves.healthsync.cli`.

FAQ

How do I install healthkit-sync?

Run openclaw add @mneves75/healthkit-sync in your terminal. This installs healthkit-sync into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/mneves75/healthkit-sync. Review commits and README documentation before installing.