Description

iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging.

README (SKILL.md)

HealthKit Sync CLI

Name: HealthKit Sync
Author: mneves75

Securely sync Apple HealthKit data from iPhone to Mac over local network using mTLS.

When to Use This Skill

User asks about syncing health data from iPhone
User mentions healthsync CLI commands
User wants to fetch steps, heart rate, sleep, or workout data
User needs to pair a Mac with an iOS device
User asks about the iOS Health Sync project architecture
User mentions certificate pinning or mTLS patterns

CLI Quick Reference

Pairing Flow (First Time)

# 1. Discover devices on local network
healthsync discover

# 2. On iOS app: tap "Share" to generate QR code, then "Copy"
# 3. Scan QR from clipboard (Universal Clipboard)
healthsync scan

# Alternative: scan from image file
healthsync scan --file ~/Desktop/qr.png

Fetching Health Data

# Check connection status
healthsync status

# List enabled data types
healthsync types

# Fetch data as CSV (default)
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z --types steps

# Fetch multiple types as JSON
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z \
  --types steps,heartRate,sleepAnalysis --format json | jq

# Pipe to file
healthsync fetch --start 2026-01-01T00:00:00Z --end 2026-12-31T23:59:59Z \
  --types steps > steps.csv

Available Health Data Types

Activity: steps, distanceWalkingRunning, distanceCycling, activeEnergyBurned, basalEnergyBurned, exerciseTime, standHours, flightsClimbed, workouts

Heart: heartRate, restingHeartRate, walkingHeartRateAverage, heartRateVariability

Vitals: bloodPressureSystolic, bloodPressureDiastolic, bloodOxygen, respiratoryRate, bodyTemperature, vo2Max

Sleep: sleepAnalysis, sleepInBed, sleepAsleep, sleepAwake, sleepREM, sleepCore, sleepDeep

Body: weight, height, bodyMassIndex, bodyFatPercentage, leanBodyMass

Configuration

Config stored at ~/.healthsync/config.json (permissions: 0600):

{
  "host": "192.168.1.x",
  "port": 8443,
  "fingerprint": "sha256-certificate-fingerprint"
}

Token stored in macOS Keychain under service org.mvneves.healthsync.cli.

Security Architecture

Certificate Pinning

The CLI validates server certificates by SHA256 fingerprint (TOFU model):

First pairing stores fingerprint from QR code
Subsequent connections verify fingerprint matches
Mismatch = connection rejected (MITM protection)

Local Network Only

Host validation restricts connections to:

localhost, *.local domains
Private IPv4: 192.168.*, 10.*, 172.16-31.*
IPv6 loopback: ::1, link-local: fe80::

Keychain Storage

Tokens never stored in config file - always in Keychain with:

kSecAttrAccessibleWhenUnlocked protection class
Service: org.mvneves.healthsync.cli
Account: token-{host}

Project Structure

ai-health-sync-ios-clawdbot/
├── iOS Health Sync App/          # Swift 6 iOS app
│   ├── Services/Security/        # CertificateService, KeychainStore, PairingService
│   ├── Services/HealthKit/       # HealthKitService, HealthSampleMapper
│   ├── Services/Network/         # NetworkServer (TLS), HTTPTypes
│   └── Services/Audit/           # AuditService (SwiftData)
└── macOS/HealthSyncCLI/          # Swift Package CLI

Troubleshooting

"No devices found":

Ensure iOS app is running with sharing enabled
Both devices must be on same Wi-Fi network
Check firewall isn't blocking mDNS (port 5353)

"Pairing code expired":

Generate new QR code on iOS app (codes expire in 5 minutes)

"Certificate mismatch":

Delete ~/.healthsync/config.json and re-pair
Server certificate may have been regenerated

"Connection refused":

iOS app server may not be running
Run healthsync status --dry-run to test without connecting

This skill appears to be a straightforward CLI reference for a local HealthKit sync tool and is internally consistent with that purpose. Before installing/using it: (1) confirm you have the official 'healthsync' CLI from a trusted source and that the skill's documentation matches the installed binary (the skill metadata does not declare the healthsync binary dependency); (2) verify any QR codes or pairing codes come from your trusted iOS device before scanning; (3) ensure ~/.healthsync/config.json is permissioned 0600 and that tokens are stored only in the macOS Keychain as described; (4) if you want to prevent autonomous use, consider enabling a policy that disables model-driven invocation of skills or require explicit user invocation. If you need higher assurance, ask the publisher for the project's homepage or source code and verify release signatures or checksums.

Capability Analysis

Type: OpenClaw Skill Name: healthkit-sync Version: 1.0.0 The skill bundle is benign. All instructions and code snippets are directly related to the stated purpose of syncing iOS HealthKit data via the `healthsync` CLI, or for testing and debugging the skill itself. There is no evidence of intentional harmful behavior such as data exfiltration, malicious execution, persistence, or prompt injection against the agent. File system and process management commands (e.g., `ln -sf`, `pkill`, `cat`, `tail`) are used for local skill setup and diagnostics in `TESTING.md`, which is intended for human testers, not as instructions for the AI agent to execute maliciously. The `SKILL.md` provides clear, non-malicious guidance for the agent's use.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes exactly a healthsync CLI helper (pairing, fetch commands, Keychain usage, config path). However, the registry metadata lists no required binaries even though the instructions assume a healthsync CLI is installed (~/.healthsync/config.json and commands like `healthsync fetch`). The lack of a declared required binary is a minor inconsistency.

✓ Instruction Scope

Instructions are limited to local pairing, using the healthsync CLI, reading/writing a config at ~/.healthsync/config.json, and storing tokens in the macOS Keychain. There are no instructions to read unrelated system files, environment variables, or to transmit data to external servers beyond the local network.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files, which is the lowest-risk installation profile. Nothing in the skill attempts to download or install third-party code.

✓ Credentials

The skill requests no environment variables or credentials in metadata. It documents Keychain usage for tokens (appropriate for this purpose) and a config path. There are no unexplained or excessive credential requests.

ℹ Persistence & Privilege

The skill does not set always:true (good). It also does not set disableModelInvocation, so the model could invoke the skill autonomously — this is common but worth noting if you want to restrict automatic use.

Version History

v1.0.0

Initial release of healthkit-sync - Provides CLI patterns for securely syncing Apple HealthKit data from iPhone to Mac over local network using mTLS. - Supports device pairing, certificate pinning, and Keychain storage for secure connections. - Includes commands for discovering devices, scanning pairing QR codes, and fetching health data (steps, heart rate, sleep, workouts, etc). - Documents available data types, config file details, and security architecture. - Offers troubleshooting tips and links to further references.

Metadata

Slug healthkit-sync

Version 1.0.0

License —

All-time Installs 27

Active Installs 27

Total Versions 1

Frequently Asked Questions

What is HealthKit Sync?

iOS HealthKit data sync CLI commands and patterns. Use when working with healthsync CLI, fetching Apple Health data (steps, heart rate, sleep, workouts), pairing iOS devices over local network, or understanding the iOS Health Sync project architecture including mTLS certificate pinning, Keychain storage, and audit logging. It is an AI Agent Skill for Claude Code / OpenClaw, with 3592 downloads so far.

How do I install HealthKit Sync?

Run "/install healthkit-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is HealthKit Sync free?

Yes, HealthKit Sync is completely free (open-source). You can download, install and use it at no cost.

Which platforms does HealthKit Sync support?

HealthKit Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created HealthKit Sync?

It is built and maintained by mneves75 (@mneves75); the current version is v1.0.0.

More Skills

HealthKit Sync