Gevety MCP
PassAudited by ClawScan on May 9, 2026.
Overview
This appears to be a purpose-aligned Gevety health-data skill, but it requires a sensitive API token and can expose private medical data to the agent.
Before installing, make sure you are comfortable letting the agent fetch private Gevety health data. Verify the publisher/source, protect the API token, and revoke it if the skill is no longer needed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent can retrieve private health data such as biomarkers, wearable statistics, lab reports, and medical profile information from Gevety.
The skill requires a Gevety API token that grants access to the user's Gevety account data. This is expected for the stated purpose, but it is sensitive account authority.
All requests require Bearer authentication. Use the `GEVETY_API_TOKEN` environment variable: Authorization: Bearer $GEVETY_API_TOKEN
Use this only if you want the agent to access your Gevety health account. Store the token securely, avoid sharing transcripts containing health data, and revoke or rotate the token if you stop using the skill.
You have less provenance information to verify who maintains the skill before granting it health-data access.
The registry metadata does not identify a source repository or verified package origin. For an instruction-only skill this is not inherently unsafe, but it is worth noticing because the skill asks for a sensitive health API token.
Source: unknown
Confirm the skill is from a trusted publisher or matches Gevety's official documentation before configuring your API token.