Tidy
v1.1.0
Full-featured AI property management — addresses, cleanings, reservations, tasks, pros, and natural language messaging.
by @mchusma
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI property management) matches the requested artifacts: tidy-request CLI binary and a TIDY_API_TOKEN. Required binaries and env var are appropriate for calling the TIDY REST/MCP APIs described in the SKILL.md.
Instruction Scope
Runtime instructions stay within the domain of TIDY's APIs and CLI. The SKILL.md does instruct the user to modify third-party client config (e.g., add the MCP server to Claude Desktop's config) and references storing credentials at ~/.config/tidy/credentials; modifying other app config is expected for integration but is a broader scope than purely calling an API and should be done intentionally by the user.
Install Mechanism
This is an instruction-only skill with no install spec. The docs recommend installing tidy-request via a Homebrew tap or npm -g, which is typical for a CLI; nothing in the skill attempts to download or execute arbitrary code automatically.
Credentials
Only TIDY_API_TOKEN is required, which is proportionate. However the docs state tokens do not expire and are not invalidated on re-login, and the CLI stores credentials in ~/.config/tidy/credentials by default — these are security considerations (long-lived credential, on-disk storage) the user should weigh before supplying the token.
Persistence & Privilege
The skill does not request 'always: true' or elevated privileges. It does instruct users how to add the MCP endpoint to other clients' configuration files (e.g., Claude Desktop), which is a normal integration step but modifies other applications' config and should be done explicitly by the user.
Assessment
This skill appears to do what it says: it requires the tidy-request CLI and a TIDY_API_TOKEN to call tidy.com's REST and MCP APIs. Before installing or providing a token: (1) verify you trust the tidy-request binary source (brew tap or npm package) and inspect it if possible; (2) prefer setting the TIDY_API_TOKEN as an environment variable instead of leaving credentials on disk, and be aware the docs say tokens do not expire and old tokens remain valid — rotate/revoke tokens if compromised; (3) only add the MCP endpoint to other clients (e.g., Claude Desktop) if you intend to integrate TIDY with those applications; and (4) limit the token's use to machines/users you trust. If you want a stronger assurance, ask the publisher for documentation about token scopes, revocation, and the tidy-request project's source code/release artifacts before proceeding.
Like a lobster shell, security has layers — review code before you run it.
latest vk970ze8rg9vbx7czvtxqars9ad83wdak
Runtime requirements
✨ Clawdis
OS: macOS · Linux
Bins: tidy-request
Env: TIDY_API_TOKEN
Primary env: TIDY_API_TOKEN
