ClawHub

Vacation Property Management

v1.0.0

Manage vacation rental properties, guest reservations, and cleaning checklists with the TIDY platform.

0· 51·0 current·0 all-time
by@mchusma
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description expect a TIDY API integration and the only declared requirement is TIDY_API_TOKEN; all endpoints referenced are under public-api.tidy.com and align with property, reservation, and to-do list management.
Instruction Scope
SKILL.md contains only curl examples and API endpoint usage against tidy.com and instructs using the TIDY_API_TOKEN env var. It does not instruct reading other files or unrelated environment variables. Note: the doc includes signup/login examples (with example passwords) and states "Tokens do not expire," which is a security/usability detail you may want to verify with the vendor.
Install Mechanism
No install spec and no code files — instruction-only reduces surface area; nothing is downloaded or written to disk by the skill itself.
Credentials
Only a single credential (TIDY_API_TOKEN) is required, which is proportionate to an API integration. Consider that this token may grant broad account privileges (create/delete addresses and reservations), so verify token scope and rotate/store it securely.
Persistence & Privilege
Skill is not marked always:true and does not request persistent system-wide changes; it does enable API actions when invoked. Autonomous invocation is allowed by default on the platform but not unusually privileged here.
Assessment
This skill appears to do what it says: call the TIDY API using a TIDY_API_TOKEN. Before installing, verify tidy.com is the real vendor and that the token you supply has the minimum needed permissions (prefer scoped or readonly tokens if available). Don't paste your real token into chat or public places; store it in a secure secret manager and rotate it if it's long-lived. Confirm the SKILL.md claim that "Tokens do not expire" with TIDY — long-lived tokens increase risk if leaked. If you allow the agent to invoke this skill autonomously, be aware it can create/update/delete addresses and reservations using that token; consider testing with a sandbox account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974g0fm31kzse459785kb5mth83w49t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏠 Clawdis
EnvTIDY_API_TOKEN
Primary envTIDY_API_TOKEN

Comments