Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resy Mcp

v0.1.3

Manage Resy restaurant reservations via MCP — search venues, book tables, list and cancel reservations, manage favorites, and subscribe to Priority Notify. T...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chrischall/resy-mcp.

Install the skill "Resy Mcp" (chrischall/resy-mcp) from ClawHub.
Skill page: https://clawhub.ai/chrischall/resy-mcp
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install resy-mcp

ClawHub CLI

npx clawhub@latest install resy-mcp

Security Scan

Capability signals
Crypto · Can make purchases · Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's name/description match the code and SKILL.md: it implements Resy reservation management via Resy's private web-app API and legitimately requires the user's Resy credentials. However the registry summary at the top of the provided metadata lists 'Required env vars: none' while SKILL.md, manifest.json, server.json, and the code all require RESY_EMAIL and RESY_PASSWORD (with optional RESY_API_KEY). That mismatch between declared registry requirements and the actual code/instructions is an incoherence you should treat as a red flag (it could be a packaging/metadata oversight, but it affects install-time prompts and permission expectations).
Instruction Scope
SKILL.md and the included docs instruct the agent/user to register an MCP server and provide RESY_EMAIL/RESY_PASSWORD, and describe exactly which endpoints/tools will be used. The runtime instructions do not ask for unrelated system data or ask the agent to read arbitrary files beyond the .env/.mcp.json used to supply credentials. The only slightly surprising instruction is recommending running a local 'smoke' script that hits live endpoints using the .env credentials (this is expected for live verification but you should avoid running it unless you trust the repo and want to use your real credentials).
Install Mechanism
There is no install spec in the skill bundle (the skill is marked instruction-only), but the repository contains full source, package.json, package-lock.json, and test/build scripts. The SKILL.md suggests using 'npx resy-mcp' (npm package) or building from source. This is not malicious in itself, but it's an inconsistency worth noting: the skill will require installing/running third-party JavaScript code (via npx or npm build) which executes on your machine and receives your credentials. That raises the normal risk of running third-party code locally — review the code (which is included) before running.
!
Credentials
The code legitimately requires RESY_EMAIL and RESY_PASSWORD to authenticate with Resy's private endpoints and optionally RESY_API_KEY to override the public web-app key. Those credentials are proportionate to the described functionality. The concern is the earlier registry metadata claiming 'no required env vars' (a mismatch). Also note that the skill expects you to store your Resy password in environment variables or .env files; this is sensitive and appropriate safeguards (local-only storage, not checked into repos) are necessary.
Persistence & Privilege
The skill does not request 'always: true' and does not claim elevated system-wide privileges. It runs as a normal MCP server process (stdio) and is invocable by user/agent as normal. Autonomy (model invocation) is enabled by default, which is the platform norm; combine this with credential access only if you are comfortable with automated calls using your Resy account.
What to consider before installing
This skill implements a client for Resy's private web-app API and needs your Resy email and password to work — that is expected for booking and listing reservations. Before installing or running it: (1) be aware the registry metadata in the skill bundle incorrectly omits the required env vars; verify that any installation prompt or UI will request RESY_EMAIL and RESY_PASSWORD as shown in SKILL.md/manifest.json, (2) review the bundled source (it is included) before running 'npx' or building from source so you understand what code will execute locally, (3) do not store your real credentials in code or a public repo — use local-only .env or the platform's secret storage, and (4) avoid running the 'smoke' script unless you want live probes against your account. The bundle appears coherent with its stated purpose, but the metadata inconsistencies and the fact it executes third-party code locally make this 'suspicious' rather than 'benign'. If you want to proceed, inspect src/client.ts and the tools for any unexpected network endpoints or logging of credentials, and prefer to run in an isolated environment or with a disposable/test account first.
src/client.ts:12
Environment variable access combined with network send.
tests/client.test.ts:3
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

latest: vk9778kz1jsjw2j7vekwjtf24qs85c2b2 · 65 downloads · 0 stars · 2 versions · Updated 4d ago · v0.1.3 · MIT-0

resy-mcp

MCP server for Resy — natural-language restaurant reservation management. Uses Resy's private web-app API with email + password auth.

⚠️ Resy does not publish an official API. This server uses the same private endpoints the Resy web app calls, with the public web-app api_key and user-level auth via email + password. Use at your own discretion.

Setup

Option A — npx (recommended)

Add to .mcp.json in your project or ~/.claude/mcp.json:

{
  "mcpServers": {
    "resy": {
      "command": "npx",
      "args": ["-y", "resy-mcp"],
      "env": {
        "RESY_EMAIL": "you@example.com",
        "RESY_PASSWORD": "yourpassword"
      }
    }
  }
}

Option B — from source

git clone https://github.com/chrischall/resy-mcp
cd resy-mcp
npm install && npm run build

Then add to .mcp.json:

{
  "mcpServers": {
    "resy": {
      "command": "node",
      "args": ["/path/to/resy-mcp/dist/bundle.js"],
      "env": {
        "RESY_EMAIL": "you@example.com",
        "RESY_PASSWORD": "yourpassword"
      }
    }
  }
}

Or place .env in the project directory with RESY_EMAIL= and RESY_PASSWORD=.
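
The scan above raises two concerns that both setup options expose: a plaintext password in the `env` block and third-party code fetched through npx. The following audit of a parsed .mcp.json is an added example, not code from resy-mcp or ClawHub; `auditMcpConfig` and `isPinned` are hypothetical names, and `${VAR}` expansion by the MCP client is an assumption.

```javascript
// Added example, not code from resy-mcp or ClawHub. Function names are hypothetical.
const SECRET_KEY = /(PASSWORD|SECRET|TOKEN|API_KEY)$/i;
// Assumption: the MCP client expands ${VAR} from the launching environment.
const ENV_REF = /^\$\{[A-Z0-9_]+\}$/;

// True when an npm spec carries an exact version, e.g. "pkg@1.2.3".
function isPinned(spec) {
  const at = spec.lastIndexOf("@"); // index 0 is a scope marker, not a version
  return at > 0 && /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(spec.slice(at + 1));
}

// Returns one finding per literal secret and per unpinned npx package.
function auditMcpConfig(config) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers ?? {})) {
    for (const [key, value] of Object.entries(def.env ?? {})) {
      const literal =
        typeof value === "string" && value !== "" && !ENV_REF.test(value);
      if (SECRET_KEY.test(key) && literal) {
        findings.push({ server, rule: "inline-secret", detail: key });
      }
    }
    if (def.command === "npx") {
      // First non-flag argument is the package spec npx will download and run.
      const pkg = (def.args ?? []).find((a) => !a.startsWith("-"));
      if (pkg && !isPinned(pkg)) {
        findings.push({ server, rule: "unpinned-npx", detail: pkg });
      }
    }
  }
  return findings;
}

// Option A exactly as shown on this page (placeholder credentials).
const OPTION_A = {
  mcpServers: { resy: { command: "npx", args: ["-y", "resy-mcp"],
    env: { RESY_EMAIL: "you@example.com", RESY_PASSWORD: "yourpassword" } } },
};
// Constructed hardened variant: version taken from this page's listing (confirm
// the npm release before pinning) and the password supplied by reference.
const HARDENED = {
  mcpServers: { resy: { command: "npx", args: ["-y", "resy-mcp@0.1.3"],
    env: { RESY_EMAIL: "you@example.com", RESY_PASSWORD: "${RESY_PASSWORD}" } } },
};

console.log(auditMcpConfig(OPTION_A));
console.log(auditMcpConfig(HARDENED));
```

Option B (`node` against a local build) triggers only the inline-secret rule, since the code it runs is whatever was reviewed and built from source.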

Authentication

  • RESY_EMAIL + RESY_PASSWORD are required. The client logs in lazily on first request via POST /3/auth/password, caches the returned token for the process lifetime, and re-logs automatically on 401 / 419 / auth-like 500 responses.
  • RESY_API_KEY is optional. If unset, the client uses the public web-app key baked into resy.com's JS bundle. Override only if Resy rotates it.

Tools

User

| Tool | Description |
| --- | --- |
| resy_get_profile | Current user profile — name, email, phone, booking count, member-since. Payment method IDs are stripped. |
| resy_list_payment_methods | List saved payment methods (id, brand, last_four, exp_month, exp_year, is_default). The id feeds resy_book's payment_method_id. |

Venues

| Tool | Description |
| --- | --- |
| resy_search_venues(date, party_size, query?, lat?, lng?, limit?, radius_meters?) | Search venues with availability for a date + party size. Defaults to NYC geo. |
| resy_find_slots(venue_id, date, party_size, lat?, lng?) | List bookable slots at a venue — each includes a short-lived config_token. |
| resy_get_venue(venue_id) | Full venue details. |

Reservations

| Tool | Description |
| --- | --- |
| resy_book(venue_id, date, party_size, desired_time?, lat?, lng?, payment_method_id?) | Composite: find fresh slot → details → book. desired_time is "HH:MM" (24h); closest match wins if no exact slot. Uses default payment method unless payment_method_id is supplied. |
| resy_list_reservations(scope?) | List reservations. scope: upcoming (default), past, or all. Each result includes the resy_token needed for cancellation. |
| resy_cancel(resy_token) | Cancel by resy_token (rr://…). Inspects the response body to set cancelled: true/false honestly. |

Favorites

| Tool | Description |
| --- | --- |
| resy_list_favorites | List favorited venues ("hit list"). |
| resy_add_favorite(venue_id) | Add a venue to favorites. |
| resy_remove_favorite(venue_id) | Remove from favorites. |

Priority Notify

| Tool | Description |
| --- | --- |
| resy_list_notify | List Priority Notify subscriptions. |
| resy_add_notify(venue_id, date, party_size, time_start?, time_end?) | Subscribe to notifications when slots open. time_start / time_end are HH:MM (24h); default window 18:00–21:00. |
| resy_remove_notify(notify_id) | Cancel a Priority Notify subscription. |

Workflows

Book a specific restaurant at a specific time:

resy_search_venues(query: "carbone", date: "2026-05-01", party_size: 2)
  → find venue_id
resy_book(venue_id, date: "2026-05-01", party_size: 2, desired_time: "19:00")

See what's available tonight near me:

resy_search_venues(date: "2026-04-20", party_size: 2, lat: 37.7749, lng: -122.4194)
  → returns venues with baked-in slot availability

Cancel a reservation:

resy_list_reservations() → find resy_token for the one to cancel
resy_cancel(resy_token)

Stalking a hard-to-get table:

resy_search_venues(query: "4 charles prime rib", ...) → venue_id
resy_add_notify(venue_id, date: "2026-05-31", party_size: 2, time_start: "19:00", time_end: "21:00")
# Resy emails you when a slot opens

Notes

  • Slot config_tokens expire within minutes of being fetched. resy_book re-fetches fresh slots internally — don't try to thread a stale token from resy_find_slots into a book call manually.
  • resy_book requires a payment method on file at resy.com/account. If none exists it throws a clear error.
  • Default geo is NYC (40.7128, -73.9876). Pass lat/lng for other cities.
  • Favorites and Priority Notify endpoint paths are reverse-engineered. If a call fails with 404, run npm run smoke locally against your credentials and adjust the path.
  • RESY_API_KEY env var overrides the baked-in public web-app key if Resy ever rotates it.
