Claude Ally Health: why it is not safe to use
Health-report images are sent to a third-party GLM vision service for OCR, so sensitive medical data leaves your device even though structured records stay local.
Claude Ally Health helps you track medical reports locally, and most of our checks came back clean: no hardcoded secrets, no destructive commands, no obfuscated code, no credential access, and no privilege escalation. The command files are plain instruction markdown with no hidden directives.
What we found
The skill processes medical report images by sending them to an external GLM vision service (`mcp__4_5v_mcp__analyze_image`) for OCR. That means images containing sensitive health information leave your device and are handled by a third party, even though the resulting structured records are stored locally. This is the reason for the warn verdict on data exfiltration and external fetches. We found no evidence of malicious intent; the concern is where your data travels, not what the author does with it.
What to do instead
If you use this skill, avoid submitting reports that contain identifying details or information you would not want processed off-device. Review the GLM service's data handling and retention terms first. Where possible, prefer a local OCR option or redact names and identifiers before analysis. Treat any health image you pass in as data shared with an outside vendor.
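One way to run the same kind of check on a skill's command files before using it, as an added example that is not part of the original review or the project's code: it scans instruction markdown for MCP tool references and reports every one whose server is not on your own list of local servers. The file names, the `localfs` server and the keyword list are assumptions, and the `mcp__<server>__<tool>` split is inferred from the identifier named in the finding.

```python
import re

# Assumed convention: mcp__<server>__<tool>, inferred from the identifier in the review.
MCP_TOOL = re.compile(r"\bmcp__([A-Za-z0-9_-]+?)__([A-Za-z0-9_-]+)")
# Assumed keyword list: words suggesting the step hands over user content.
SENSITIVE_HINTS = re.compile(r"image|report|ocr|scan|photo", re.IGNORECASE)

# Constructed sample input; file names and the localfs server are hypothetical.
SAMPLE_FILES = {
    "commands/save-report.md": (
        "# Save report\n"
        "1. Read the image the user provides.\n"
        "2. Call `mcp__4_5v_mcp__analyze_image` to OCR the report image.\n"
        "3. Write the structured record to a local JSON file.\n"
    ),
    "commands/query.md": (
        "# Query\n"
        "Use `mcp__localfs__read_file` to load stored records.\n"
    ),
}

def find_mcp_tools(text):
    """Yield (line_number, server, tool, line) for each MCP tool reference."""
    for number, line in enumerate(text.splitlines(), start=1):
        for match in MCP_TOOL.finditer(line):
            yield number, match.group(1), match.group(2), line

def audit(files, local_servers):
    """Return findings for tools whose server is not known to run on-device."""
    findings = []
    for path, text in sorted(files.items()):
        for number, server, tool, line in find_mcp_tools(text):
            if server in local_servers:
                continue
            # Drop the tool name first so "analyze_image" does not match itself.
            context = MCP_TOOL.sub("", line)
            findings.append({
                "file": path,
                "line": number,
                "tool": f"mcp__{server}__{tool}",
                "sensitive_context": bool(SENSITIVE_HINTS.search(context)),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_FILES, local_servers={"localfs"}):
        flag = "user content likely sent" if f["sensitive_context"] else "review"
        print(f'{f["file"]}:{f["line"]}: {f["tool"]} ({flag})')
```

A server belongs on the local list only after you have confirmed where it runs; anything the scan reports is a place to check what data the step passes along.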
Source: https://github.com/huifer/Claude-Ally-Health
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.