vitavault

Integrates Apple Health data with AI agents via VitaVault, enabling seamless health data syncing without a Mac.

Install this skill

or

11/100

Security score

The vitavault skill was audited on Mar 3, 2026 and we found 35 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 79

Curl to non-GitHub URL

SourceSKILL.md

79	curl -s https://YOUR-URL/health

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: VitaVault iOS app integration - sync Apple Health data directly to your AI agent. Auto-setup webhook, token generation, and HTTPS exposure. Works with any iPhone, no Mac required.

medium line 32

Webhook reference - potential data exfiltration

SourceSKILL.md

32	### Step 2: Start the webhook

low line 35

Webhook reference - potential data exfiltration

SourceSKILL.md

35	VITAVAULT_SYNC_TOKEN="$TOKEN" nohup python3 scripts/webhook.py --host 0.0.0.0 --port 8787 > /tmp/vitavault-webhook.log 2>&1 &

medium line 38

Webhook reference - potential data exfiltration

SourceSKILL.md

38	The webhook listens for health data POSTs and saves snapshots to `~/vitavault/data/`.

medium line 42

Webhook reference - potential data exfiltration

SourceSKILL.md

42	The VitaVault iOS app requires HTTPS (iOS App Transport Security). You MUST expose the webhook over HTTPS. Detect what's available and use the first option that works:

medium line 89

Webhook reference - potential data exfiltration

SourceSKILL.md

89	> Webhook URL: `https://YOUR-URL`

medium line 98

Webhook reference - potential data exfiltration

SourceSKILL.md

98	The webhook should survive reboots. Create a systemd service:

low line 101

Webhook reference - potential data exfiltration

SourceSKILL.md

101	cat > /tmp/vitavault-webhook.service << 'EOF'

low line 103

Webhook reference - potential data exfiltration

SourceSKILL.md

103	Description=VitaVault Webhook Receiver

low line 110

Webhook reference - potential data exfiltration

SourceSKILL.md

110	ExecStart=/usr/bin/python3 /path/to/skills/vitavault/scripts/webhook.py --host 127.0.0.1 --port 8787

low line 118

Webhook reference - potential data exfiltration

SourceSKILL.md

118	sudo cp /tmp/vitavault-webhook.service /etc/systemd/system/

low line 120

Webhook reference - potential data exfiltration

SourceSKILL.md

120	sudo systemctl enable --now vitavault-webhook

medium line 155

Webhook reference - potential data exfiltration

SourceSKILL.md

155	Users can also export data manually from VitaVault (no webhook needed):

high line 70

Ngrok tunnel reference

SourceSKILL.md

70	Option D: ngrok (quick testing)

medium line 72

Ngrok tunnel reference

SourceSKILL.md

72	ngrok http 8787

medium line 73

Ngrok tunnel reference

SourceSKILL.md

73	# Gives you a temporary https://*.ngrok-free.app URL

low line 26

Access to hidden dotfiles in home directory

SourceSKILL.md

26	python3 -c "import secrets; print(secrets.token_hex(32))" > ~/.config/vitavault/sync-token

low line 27

Access to hidden dotfiles in home directory

SourceSKILL.md

27	mkdir -p ~/.config/vitavault

low line 28

Access to hidden dotfiles in home directory

SourceSKILL.md

28	TOKEN=$(cat ~/.config/vitavault/sync-token)

low line 14

External URL reference

SourceSKILL.md

14	Sync Apple Health data from [VitaVault](https://vitavault.io) iOS app directly to your OpenClaw agent. No shared servers, no middleman - data flows phone to your agent only.

low line 16

External URL reference

SourceSKILL.md

16	> No Mac required. Install VitaVault from [TestFlight](https://testflight.apple.com/join/A4G27HBt) (beta) or the App Store.

low line 49

External URL reference

SourceSKILL.md

49	sudo tailscale funnel --bg --set-path /vitavault http://127.0.0.1:8787

low line 50

External URL reference

SourceSKILL.md

50	# Your URL will be: https://<your-tailscale-hostname>/vitavault

low line 56

External URL reference

SourceSKILL.md

56	cloudflared tunnel --url http://localhost:8787

low line 57

External URL reference

SourceSKILL.md

57	# Gives you a temporary https://*.trycloudflare.com URL

low line 65

External URL reference

SourceSKILL.md

65	proxy_pass http://127.0.0.1:8787;

low line 68

External URL reference

SourceSKILL.md

68	URL would be: `https://yourdomain.com/vitavault`

low line 73

External URL reference

SourceSKILL.md

73	# Gives you a temporary https://*.ngrok-free.app URL

low line 79

External URL reference

SourceSKILL.md

79	curl -s https://YOUR-URL/health

low line 89

External URL reference

SourceSKILL.md

89	> Webhook URL: `https://YOUR-URL`

low line 178

External URL reference

SourceSKILL.md

178	- App: [VitaVault on TestFlight](https://testflight.apple.com/join/A4G27HBt) (beta)

low line 179

External URL reference

SourceSKILL.md

179	- Website: [vitavault.io](https://vitavault.io)

low line 180

External URL reference

SourceSKILL.md

180	- Developers: [vitavault.io/developers](https://vitavault.io/developers/)

low line 181

External URL reference

SourceSKILL.md

181	- Privacy: [vitavault.io/privacy](https://vitavault.io/privacy/)

Scanned on Mar 3, 2026

View Security Dashboard

Install this skill with one command

/learn @openclaw/vitavault

GitHub Stars 2.2K

Rate this skill

Categoryhealthcare

UpdatedMarch 29, 2026

openclaw api health-informatics customer-success-manager technical-support healthcare sales support

openclaw/skills