67
/ 100
9 days ago
glama
healow-mcp-server
An MCP server that wraps the eClinicalWorks / healow FHIR R4 API so an MCP client (e.g. Claude Desktop) can read patient clinical data from one or more practices.
Is this your MCP?
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
✅
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
🔐
You'll be asked for 1 credential: HEALOW_CLIENT_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.config
HEALOW_CLIENT_ID— yes OAuth client id issued by healow/eCW.🔐 secret
HEALOW_CLIENT_SECRET— yes OAuth client secret (confidential client).config
HEALOW_REDIRECT_URI— yes Registered redirect URI. A loopback URL (e.g. http://localhost:9999/callback) enables auto-capture during bootstrap.config
HEALOW_TOKEN_STORE— The SQLite store at $ holds only non-secret metadata// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/voysi-ia-healow-mcp-server-2yiu34)commit: b673a95a132bda1aaff52edee108a976be45a489
code hash: b6cdacc4f69409fd264bec7906db42ee03d4dea13eebcfb6085b62c758f8998c
verified: 6/16/2026, 1:26:03 PM