Coda
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate Coda API management skill, but it can use your Coda token to change or delete Coda content, so use it carefully.
Install only if you want the agent to manage Coda via your API token. Before write, delete, publish, permission, or automation actions, make sure the agent asks for the exact target and intended change, and avoid using force flags unless you are deliberately bypassing prompts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken command could modify or delete Coda documents or trigger Coda automations that may notify people or affect connected workflows.
The skill exposes high-impact Coda operations, including deletion and automation triggers. These are central to the stated purpose and the instructions disclose guardrails, but users should treat them as sensitive actions.
Supports listing/creating/updating/deleting docs, managing tables/rows/pages, triggering automations... Force delete without confirmation (use with caution)
Confirm document, table, row, and page IDs before write/delete actions; avoid --force unless the user has explicitly requested that exact destructive action.
Anyone or any agent process using this token can act on Coda documents the token can access.
The skill uses a user Coda API token with broad access to the user's Coda documents. This is expected for the integration and is disclosed, but it is high-impact account authority.
Set environment variable `CODA_API_TOKEN` with your Coda API token... The token has full access to all docs the user can access
Use a token only in a trusted environment, rotate it if exposed, and prefer the least-privileged Coda account/workspace access available.