Ultrahuman (OpenClaw)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your Ultrahuman account token to retrieve personal health metrics.

Why it was flagged

The script can load the Ultrahuman token and email from OpenClaw's local config if they are not already in the environment. This is bounded to the named Ultrahuman variables and supports the stated purpose, but it is still account credential access.

Skill content

cfg_path = os.path.expanduser("~/.openclaw/openclaw.json") ... os.environ["ULTRAHUMAN_AUTH_TOKEN"] = vars_["ULTRAHUMAN_AUTH_TOKEN"]

Recommendation

Use a revocable or least-privileged Ultrahuman token if available, keep ~/.openclaw/openclaw.json private, and remove the token when you no longer need the skill.

What this means

Your runtime security depends partly on the external MCP server and its dependencies, which were not included in this review.

Why it was flagged

The skill depends on a separately fetched and built MCP server from GitHub, but no pinned commit, package lock review, or provenance details are provided in the artifacts.

Skill content

Repository:
- https://github.com/Monasterolo21/Ultrahuman-MCP

Build it (example):
- `bun install && bun run build`

Recommendation

Inspect the external repository, pin to a trusted commit/version, and review its dependencies before giving it your Ultrahuman token.

What this means

A malicious or misconfigured MCP server/config could access your Ultrahuman token or returned health metrics.

Why it was flagged

The mcporter configuration launches an MCP server and passes the Ultrahuman token/email into that server's environment. This is expected for the integration, but it creates a trust boundary around the MCP server and config.

Skill content

"command": "node", "args": ["/absolute/path/to/Ultrahuman-MCP/dist/main.js"], "env": { "ULTRAHUMAN_AUTH_TOKEN": "${ULTRAHUMAN_AUTH_TOKEN}", "ULTRAHUMAN_USER_EMAIL": "${ULTRAHUMAN_USER_EMAIL}" }

Recommendation

Run the skill only with a trusted mcporter config and MCP server path, and avoid sharing raw error output or summaries that contain sensitive health information.