← Back to Skills Marketplace

Test Skill Xyz999

Name: Test Skill Xyz999
Author: crxiaobailiu-gif

by crxiaobailiu-gif · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

239

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install test-skill-xyz999

Description

Connect your iPhone/Apple Watch Apple Health data to OpenClaw via a local webhook to analyze recovery, detect anomalies, and get health alerts.

Usage Guidance

Before installing or running this skill: - Do not run `npx healthclaw-webhook-server` unless you inspect the package source and trust its maintainer. npx will fetch and execute code from npm at runtime. - The SKILL.md references ADMIN_TOKEN and other environment variables but the registry declared none — treat admin tokens and stored pairing tokens as sensitive secrets; ensure they are generated and stored securely, and rotate them if you suspect they were exposed. - Exposing your webhook to the public internet (Tailscale Funnel / cloudflared / ngrok) is necessary for mobile sync but increases risk. Prefer Tailscale Funnel (as suggested) or verify TLS and access controls; avoid exposing the server without authentication. - Verify the iOS app provenance (TestFlight/App Store listing and developer identity) before pairing — you will be accepting data from that app. - Review where notifications go (Discord/webhook) and confirm any notification credentials are stored and used safely. - Prefer running the server on a throwaway machine or in an isolated environment until you can audit the upstream package. If possible, request an upstream repository, release hashes, or vendor the code so you can audit it before executing. If you cannot inspect and trust the webhook package and the iOS app, treat this skill as high-risk and do not expose sensitive health data to it.

Capability Analysis

Type: OpenClaw Skill Name: test-skill-xyz999 Version: 1.0.0 The HealthClaw skill is a well-documented tool designed to integrate Apple Health data with an OpenClaw agent via a local webhook server and an iOS companion app. The skill instructions (SKILL.md) and example task prompts (health-alerts.md, recovery-score.md) are clearly aligned with the stated purpose of calculating health metrics and recovery scores. While the setup involves potentially risky actions such as exposing a local port to the internet via Tailscale or Cloudflare tunnels and running a server via npx, these are transparently documented as requirements for data synchronization and are intended to be performed by the user, not autonomously or stealthily by the agent.

Capability Assessment

ℹ Purpose & Capability

The name/description (connect Apple Health via a local webhook, analyze health data) is consistent with the runtime instructions: running a webhook server, accepting HealthKit POSTs, appending to health-data.jsonl, and letting the agent analyze that file. However, the SKILL.md expects you to run an external npm package (npx healthclaw-webhook-server) and to use admin tokens and tunneling tools; those runtime requirements are not reflected in the skill registry (no required env vars, no install spec).

⚠ Instruction Scope

SKILL.md instructs the agent/user to run npx to install/run a server, expose that server to the public internet via Tailscale/Cloudflare/ngrok, generate pairing/admin tokens, and create persistent cron jobs that read health-data.jsonl from the user's Application Support directory. Reading the local health-data.jsonl is coherent with the purpose, but the instructions also assume and instruct access to environment variables (PORT, HEALTHCLAW_DATA_DIR, ADMIN_TOKEN) and to create persistent services and public endpoints — all sensitive operations that extend scope beyond a simple analysis helper. The registry did not declare those env vars.

⚠ Install Mechanism

There is no install spec in the registry; instead SKILL.md tells users to run `npx healthclaw-webhook-server`. npx will fetch and execute a package from the npm registry at runtime—this effectively installs/executes third-party code without any supply-chain metadata in the skill. The instructions also recommend installing/using third-party tunneling tools (Tailscale, cloudflared, ngrok). Fetching and running remote packages and enabling public funnels are higher-risk operations and should be justified and audited; the skill provides no upstream repo link or checksum.

⚠ Credentials

The registry lists no required env vars, but the instructions reference optional and required values (PORT, HEALTHCLAW_DATA_DIR, ADMIN_TOKEN, per-user API tokens) and describe storing permanent tokens on the server. Requesting and storing admin/user tokens is proportional to a webhook server's operation, but the lack of any declared env requirements in the registry is an inconsistency. Additionally, the instructions imply the use of notification channels (Discord) and creating cron tasks that may require other credentials (Discord webhook/token) which are not described or declared.

ℹ Persistence & Privilege

The skill does not request always:true and does not modify other skills. However, SKILL.md encourages making the webhook server persistent (LaunchAgent/systemd), opening a public URL via funnels/tunnels, and storing long-lived API tokens — these are persistent changes to the host environment and increase blast radius if the webhook or its dependencies are compromised. The skill itself does not declare elevated platform privileges, but the recommended operational setup is persistent and network-exposed.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install test-skill-xyz999
After installation, invoke the skill by name or use /test-skill-xyz999
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

HealthClaw Skill 1.0.0 – Initial Release - Stream and analyze Apple Health data (heart rate, HRV, sleep, steps, workouts) from iPhone/Apple Watch to OpenClaw via a local webhook server. - Supports secure pairing between iOS app and server, including permanent API tokens and deep linking. - Automatic background HealthKit sync and deduplication of incoming data. - Data stored in a local append-only log (`health-data.jsonl`), with multi-user isolation and single-user (legacy) mode. - Guide for server setup, public HTTPS exposure (Tailscale, Cloudflare, ngrok), and pairing process. - Admin API for multi-user management; per-user data paths supported. - Includes sample use cases (recovery score, health alerts) and links to full API reference.

Metadata

Slug test-skill-xyz999

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Test Skill Xyz999?

Connect your iPhone/Apple Watch Apple Health data to OpenClaw via a local webhook to analyze recovery, detect anomalies, and get health alerts. It is an AI Agent Skill for Claude Code / OpenClaw, with 239 downloads so far.

How do I install Test Skill Xyz999?

Run "/install test-skill-xyz999" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Test Skill Xyz999 free?

Yes, Test Skill Xyz999 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Test Skill Xyz999 support?

Test Skill Xyz999 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Test Skill Xyz999?

It is built and maintained by crxiaobailiu-gif (@crxiaobailiu-gif); the current version is v1.0.0.

More Skills