Back to skill

Security audit

Tidy

Security checks across malware telemetry and agentic risk

Overview

This is a real property-management integration, but it gives agents broad authority over live TIDY records using long-lived credentials with limited safety guidance.

Install only if you are comfortable allowing TIDY-connected agents to manage real property records, reservations, cleanings, tasks, and service professionals. Treat the token like a password, avoid shared machines and command history exposure, use secure secret storage where possible, log out or revoke tokens when done, and require explicit human confirmation before any delete, cancellation, reschedule, booking, or paid-service action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents delete, cancel, and reschedule operations with no caution about destructive effects, confirmation requirements, or irreversibility. In an agent setting, this increases the risk of unintended destructive actions against live reservations, jobs, or property records from ambiguous prompts or automation mistakes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The authentication examples show direct handling of email/password credentials and state that bearer tokens do not expire, but provide no security guidance on secret handling, shell history exposure, token storage risk, or rotation. This is dangerous because long-lived tokens and plaintext credential examples encourage insecure operational practices that can lead to persistent account compromise if copied into logs, prompts, scripts, or shared terminals.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that credentials are stored in ~/.config/tidy/credentials if the environment variable is not set, but it does not clearly warn users that this is persistent on-disk secret storage or describe the security implications. This can lead to bearer tokens being left unprotected on shared systems, backed up unintentionally, or exposed through weak file permissions, especially because the same document also notes that tokens do not expire.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference exposes a `login` tool that requires raw email and password submission through the MCP client, but provides no warning, security guidance, or safer authentication alternative such as OAuth/device flow or scoped API keys. In an AI-agent context, this is risky because users may be induced to hand primary account credentials to third-party clients, logs, prompts, or tool traces, increasing the chance of credential leakage and account compromise.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get a token
curl -X POST https://public-api.tidy.com/api/v2/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"yourpassword"}'
# Returns: { "token": "abc123..." }
Confidence
88% confidence
Finding
curl -X POST https://public-api.tidy.com/api/v2/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"you@example.com","password":"yourpassword"}' # Returns: { "token": "abc123..." } e

Session Persistence

Medium
Category
Rogue Agent
Content
# Send any property management request in plain English
tidy-request "Schedule a deep clean for next Tuesday at my Beach House"
tidy-request "Create a guest reservation for April 10-14"
tidy-request "Report a broken window at address 123" --address-id 123
```
Confidence
86% confidence
Finding
Create a guest reservation for April 10-14" tidy-request "Report a broken window at address 123" --address-id 123 ``` ### API Quick Start ```bash # Get a token curl -X POST https://public-api.tidy.c

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.