Safety Report

Native Airtable

Name: Native Airtable
Rating: 5 (2 reviews)
Author: codeninja23

Read Airtable bases, tables, and records directly via the Airtable API. Use when you need spreadsheet/database data from Airtable. Calls api.airtable.com dir...

188Downloads

1Installs

2Stars

1Versions

API Integration4,971 Database Management1,222 Data Analysis904

Security Analysis

high confidence

Clean

The skill's files, instructions, and required credential line up with its stated purpose (reading Airtable via the official API) and do not request unrelated access or install arbitrary code.

Mar 7, 20262 files

Purpose & Capabilityok

Name/description match the included CLI script and required env var. The skill only needs python3 and an Airtable PAT (AIRTABLE_PAT) to call api.airtable.com, which is exactly what a native Airtable reader should require.

Instruction Scopeok

SKILL.md instructs the agent to set AIRTABLE_PAT and run the provided script under /mnt/skills/user/.... The script only reads AIRTABLE_PAT, makes HTTPS calls to api.airtable.com, and prints responses to stdout. It does not read other system files, config paths, or send data to external endpoints beyond api.airtable.com.

Install Mechanismok

No install spec is provided (instruction-only with a bundled script) and the only runtime dependency is python3. No downloads, package installs, or third-party installers are requested.

Credentialsok

The skill declares a single required environment variable AIRTABLE_PAT (also primaryEnv). That matches the functionality and is proportionate; no unrelated secrets or multiple credentials are requested.

Persistence & Privilegeok

The skill is not forced as always:true and is user-invocable. It does not attempt to modify other skills or system-wide settings. Autonomous invocation remains possible (platform default) but is not combined with any extra privileges.

Guidance

This skill appears to do exactly what it claims: call api.airtable.com using a Personal Access Token (AIRTABLE_PAT) and print results. Before installing, consider: - Use a least-privilege PAT (scopes data.records:read and schema.bases:read and limit the bases it can access). If possible create a token that only covers the bases the agent must read. - The script prints record data to stdout; anything the agent does with that output (logging, forwarding) is your responsibility. Don’t provide a PAT that exposes unrelated sensitive bases. - The code has minor correctness issues (search formula formatting and fields handling) and does not sanitize user-supplied formula/query strings — avoid running untrusted queries if you’re worried about unexpected Airtable formula behavior. - If the PAT is ever exposed or you stop using the skill, revoke the token in your Airtable account. Overall this skill is internally consistent and low-risk, but follow standard secret-management practices and review output handling in your agent environment.

Latest Release

v0.1.0

Initial release — Connects directly to Airtable's official API for reading spreadsheet/database contents. - Read Airtable bases, tables, and records through direct API calls (no third-party proxy). - Supports filtering, field selection, view selection, and record searching. - Requires a Personal Access Token (PAT) for authentication (old API keys not supported). - Provides command-line scripts for listing and querying bases, tables, and records. - Clear setup instructions and usage examples included.

More by @codeninja23

Clawpod

20 stars

Native HubSpot

18 stars

Native Stripe

16 stars

Native Linear

16 stars

Native Monday

3 stars

Native Sentry

2 stars

Published by @codeninja23 on ClawHub