Tidbyt Status Display

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill matches its stated Tidbyt status-display purpose, but it can expose agent activity metadata over an unauthenticated network service if you run it.

This looks safe for its stated purpose if you only run it on a trusted local network. Before installing, be aware that it can run continuously and publish your agent's activity status to anyone who can reach the configured port; restrict firewall access and verify any missing Tidbyt app file before use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

People or devices on reachable networks could see when the agent is active, idle, or working and view recent activity metadata.

Why it was flagged

The status API listens on all network interfaces and allows reads from any browser origin. This is aligned with making the API reachable by a Tidbyt integration, but any host that can reach the port can read the status JSON.

Skill content

server = HTTPServer(("0.0.0.0", port), StatusHandler)
...
self.send_header("Access-Control-Allow-Origin", "*")

Recommendation

Run it only on trusted networks, restrict firewall access to the needed device or LAN, and consider binding to a specific interface or adding a token/reverse proxy if exposed beyond the local network.

Note (High Confidence)
ASI10: Rogue Agents

What this means

If installed as a service or started with nohup, the API may continue running after the terminal is closed or after reboot.

Why it was flagged

The documentation includes optional background and systemd service modes that keep the status server running. This persistence is disclosed and purpose-aligned for a display service.

Skill content

ExecStart=/usr/bin/python3 scripts/status_server.py
Restart=always
...
nohup python3 scripts/status_server.py > /tmp/scout-status.log 2>&1 &

Recommendation

Use persistent mode only if you want continuous status display, and keep the disable/stop commands available, such as killing the background process or disabling the systemd service.

What this means

The documented Tidbyt app may not be available from the installed package, so users might need to obtain or create it separately.

Why it was flagged

The documentation says the Tidbyt Starlark app file is part of the integration, but the provided file manifest does not include scout_status.star, creating an incomplete-package/provenance gap for that component.

Skill content

2. **Tidbyt App** (`scout_status.star`) - Starlark app for rendering on Tidbyt
...
- `scout_status.star` - Tidbyt Starlark app

Recommendation

Confirm the missing scout_status.star file comes from a trusted source before using or pushing it to a Tidbyt device.