Tidyup
v2.0.2
Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Tidyup concepts, best practices, and implementation patterns.
by bytesagain4@xueyetianya
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included artifacts align: this is a local reference tool producing plain-text documentation. It does not request credentials, binaries, or external services. The presence of a small shell script that prints heredoc documentation is appropriate for the stated purpose.
Instruction Scope
SKILL.md claims no external API calls or credentials and the script likewise only emits local heredoc text; instructions do not reference system files, env vars, or network endpoints. Minor wording mismatch in the quickstart heredoc that mentions 'Required tools and access credentials' even though the skill elsewhere states no credentials are needed — this is a documentation inconsistency but not a sign of data-exfiltration.
Install Mechanism
No install spec is provided (instruction-only style). There is a bundled script file but nothing in the metadata instructs downloading or executing code from remote URLs. No high-risk install mechanisms are present.
Credentials
The skill declares no required environment variables, and the included script does not read environment variables or prompt for credentials. There are no unexpected secrets or config path requirements.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify system or other-skill configuration. It is user-invocable and, as typical, can be invoked autonomously by the agent, but there are no additional privilege requests.
Assessment
This skill appears to be a simple local reference tool and is internally consistent with that purpose. Before installing, note two small non-security issues: the packaged script sets VERSION="2.0.1" while the registry lists 2.0.2, and one quickstart text line mentions 'access credentials' despite the skill not using any—these are documentation/version inconsistencies rather than malicious behavior. If you plan to let an autonomous agent invoke skills, remember that invoking this skill will run its included script (which only prints docs), so only install if you trust the BytesAgain source. If you want extra assurance, inspect or run the scripts in a sandbox/VM yourself before allowing the agent to use them.
Like a lobster shell, security has layers — review code before you run it.
latestvk973zcqkjzqh5pbrn8fr8z0zd183h39t
