ClawHub

Gevety MCP

v1.9.0

Access your Gevety health data - biomarkers, healthspan scores, biological age, supplements, medications, medical profile, activities, strength training, erg...

3· 2.3k·1 current·1 all-time
by@moclippa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the required credential (GEVETY_API_TOKEN) and the SKILL.md documents API endpoints on api.gevety.com for biomarker, wearable, and healthspan data. The requested capability (one service API token) is proportionate to the stated purpose.
Instruction Scope
Runtime instructions tell the agent to use web_fetch against Gevety endpoints and to supply Authorization: Bearer $GEVETY_API_TOKEN. They also instruct the user to optionally add the token to ~/.clawdbot/clawdbot.json and restart Clawdbot. This is mostly within scope; the small inconsistency (declaring env var usage while also suggesting storing the token in a local config file) is worth noting but not a security red flag by itself. There are no instructions to read unrelated system files or to transmit data to third-party endpoints outside Gevety.
Install Mechanism
No install spec or code files — the skill is instruction-only, which minimizes footprint. Nothing is downloaded or written by an installer step.
Credentials
Only a single credential (GEVETY_API_TOKEN) is required and is appropriate for accessing a user-specific health API. The SKILL.md's dual guidance (env var + config file entry) is a convenience choice but doesn't request unrelated secrets. Note: the token grants access to highly sensitive personal health data, so treat it as sensitive.
Persistence & Privilege
always:false and user-invocable:true (with normal model invocation allowed) — no elevated or permanent privileges are requested and the skill does not request changes to other skills or system-wide settings.
Assessment
This skill is internally consistent: it needs only your Gevety API token and then calls Gevety's API (https://api.gevety.com) to read health data. Before installing, consider: (1) the token grants access to sensitive health records — only use a token you control and revoke it if you stop using the skill; (2) the SKILL.md suggests storing the token either as an environment variable or in ~/.clawdbot/clawdbot.json — storing secrets in files increases local risk (if other users/processes can read your home directory); (3) verify the token is from gevety.com (token prefix described as gvt_) and that you trust the environment (Clawdbot runtime) that will hold the token; (4) because the agent can invoke skills normally, make sure you only enable/use this skill when you want the agent to access your health data. If you want stronger guarantees, prefer setting GEVETY_API_TOKEN as an environment variable at runtime instead of persisting it to a file.

Like a lobster shell, security has layers — review code before you run it.

latestvk974828srp3ffhknxqa82xnnkd840rzk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGEVETY_API_TOKEN
Primary envGEVETY_API_TOKEN

Comments