Ultrahuman (OpenClaw)
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ultrahuman-openclaw
Version: 0.1.2

The skill is classified as suspicious primarily due to its reliance on a user-installed, third-party Ultrahuman MCP server from an external GitHub repository (https://github.com/Monasterolo21/Ultrahuman-MCP), as detailed in SKILL.md. This introduces a supply chain risk, as the skill's functionality and security are dependent on this external component. The `scripts/ultrahuman_summary.py` script executes `mcporter` via `subprocess.run`, which then runs the configured Node.js server, creating a chain of execution that could be exploited if the external component or its configuration were compromised. Additionally, the script accesses `~/.openclaw/openclaw.json` to retrieve sensitive credentials (ULTRAHUMAN_AUTH_TOKEN, ULTRAHUMAN_USER_EMAIL), which, while common for OpenClaw skills, is a sensitive operation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your Ultrahuman account token to retrieve personal health metrics.
The script can load the Ultrahuman token and email from OpenClaw's local config if they are not already in the environment. This is bounded to the named Ultrahuman variables and supports the stated purpose, but it is still account credential access.
```python
cfg_path = os.path.expanduser("~/.openclaw/openclaw.json")
...
os.environ["ULTRAHUMAN_AUTH_TOKEN"] = vars_["ULTRAHUMAN_AUTH_TOKEN"]
```

Use a revocable or least-privileged Ultrahuman token if available, keep `~/.openclaw/openclaw.json` private, and remove the token when you no longer need the skill.
Your runtime security depends partly on the external MCP server and its dependencies, which were not included in this review.
The skill depends on a separately fetched and built MCP server from GitHub, but no pinned commit, package lock review, or provenance details are provided in the artifacts.
Repository:
- https://github.com/Monasterolo21/Ultrahuman-MCP

Build it (example):
- `bun install && bun run build`
Inspect the external repository, pin to a trusted commit/version, and review its dependencies before giving it your Ultrahuman token.
A malicious or misconfigured MCP server/config could access your Ultrahuman token or returned health metrics.
The mcporter configuration launches an MCP server and passes the Ultrahuman token/email into that server's environment. This is expected for the integration, but it creates a trust boundary around the MCP server and config.
```json
"command": "node",
"args": ["/absolute/path/to/Ultrahuman-MCP/dist/main.js"],
"env": {
  "ULTRAHUMAN_AUTH_TOKEN": "${ULTRAHUMAN_AUTH_TOKEN}",
  "ULTRAHUMAN_USER_EMAIL": "${ULTRAHUMAN_USER_EMAIL}"
}
```

Run the skill only with a trusted mcporter config and MCP server path, and avoid sharing raw error output or summaries that contain sensitive health information.
