Coda Packs

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for managing Coda Packs, but it can use a Coda API token to change or delete Packs, so users should review destructive actions carefully.

Install only if you intend to let the agent manage private Coda Packs. Provide a limited Coda API token, confirm Pack IDs before updates or deletions, avoid --force unless you explicitly approve the deletion, and be cautious with the optional npm/npx Pack SDK workflow.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is available, the agent can use it to manage Coda Packs in the associated account.

Why it was flagged

The skill requires a Coda API token with authority to manage Packs. This is expected for the stated purpose, but it gives the agent delegated account access.

Skill content

API Token: Set environment variable `CODA_API_TOKEN` ... Must have Pack management permissions

Recommendation

Use the least-privileged Coda token available, set it only when needed, and remove or rotate it if you no longer use the skill.

What this means

A Pack could be deleted if the delete command is run, and using --force would skip the interactive safety prompt.

Why it was flagged

The CLI supports irreversible Pack deletion and documents a force flag that bypasses confirmation. The default confirmation guardrail is disclosed, but the force option should be used carefully.

Skill content

Delete Pack (requires confirmation) ... Or skip confirmation: --force

Recommendation

Only delete Packs after an explicit user request, avoid --force unless the user has clearly approved it, and prefer listing/getting the Pack first to verify the target.

What this means

Running npm/npx commands executes code from the package ecosystem on the user's machine.

Why it was flagged

The documentation suggests installing and running an external npm package for advanced Pack workflows. This is purpose-aligned, but it introduces normal package supply-chain considerations.

Skill content

npm install -g @codahq/packs-sdk ... npx @codahq/packs-sdk build

Recommendation

Verify the package is the official Coda Pack SDK, consider pinning versions, and follow Coda's official documentation before installing or running it.