Yeah, the benefits here are pretty cool to think about. The ability to say "you can't access this sensitive web resource until you attest that your system is up to date and an antivirus has run in the last week" is huge. The problem is that sites could also say "and you don't have an adblocker installed".
One option would potentially be to only allow positive assertions - ie: "You are up to date" not "you are not running this". TBH I think that would address a major concern for me.