Ultrahuman (OpenClaw)

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for summarizing Ultrahuman health metrics, but it requires trusting a local MCP setup with sensitive health credentials.

Install only if you are comfortable giving a trusted local MCP server access to your Ultrahuman token and health metrics. Review or pin the external Ultrahuman-MCP repository before use, keep tokens out of shared files and logs, and rotate the token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill instructs users to run local scripts, read config files, access environment variables, and invoke shell commands, but it declares no permissions or trust boundaries. This creates a mismatch between what the skill can do and what a user or host system may expect, increasing the chance of unreviewed file, shell, or secret access during execution.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding: The script reads Ultrahuman credentials from `~/.openclaw/openclaw.json` and injects them into process environment variables, expanding the scope of secret access beyond the MCP layer. This weakens separation of concerns and means any future code in this process or child process can inherit and potentially expose those credentials.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The setup asks users to configure personal Ultrahuman credentials and place them into environment-backed MCP configuration, but it provides no guidance on safe storage, least privilege, log exposure, or secret-handling risks. Because this skill also uses shell tooling and external MCP components, mishandled tokens could be leaked through configs, process environments, debugging output, or repository commits.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The script accesses sensitive authentication material from environment/config without any explicit user-facing notice at runtime. In a health-data context, silent credential use can undermine informed consent and makes it easier for operators to unknowingly run code that touches protected account data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The script sends a request through `mcporter` to retrieve health metrics but does not present a user-facing warning that protected health/account data will be accessed and potentially transmitted to another component. In this skill context, the data includes sleep, HRV, RHR, recovery, and similar sensitive metrics, so lack of disclosure materially increases privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.
