Skill v1.0.0
ClawScan security
Airtable Participants · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 24, 2026, 2:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with a read-only Airtable participant query tool; the required API key and CLI tools are proportional and expected.
- Guidance: This skill appears to do exactly what it says: read participant records from Airtable using your AIRTABLE_API_KEY and standard CLI tools. Before installing, confirm you are comfortable granting the agent read access to participant PII (emails/phones/donation status). Also confirm that it is acceptable for the skill to write verified Base ID/Table name to TOOLS.md/MEMORY.md and to create logs under memory/logs/crm-writes when edits are authorized. If you require stricter controls, consider limiting who can invoke the skill or require explicit human approval for any run that returns PII.
Review Dimensions
- Purpose & Capability (ok): The name/description (querying participant data in an Airtable base) match the declared needs: AIRTABLE_API_KEY, curl, and jq. Those binaries and the single API key are appropriate for the stated purpose.
- Instruction Scope (note): SKILL.md stays largely within scope (queries, pagination, filtering, and strict read-only behavior by default). It does instruct the agent to store verified Base ID/Table name in TOOLS.md and MEMORY.md and to write change logs under memory/logs/crm-writes/YYYY-MM-DD.md when Austin authorizes edits — these are reasonable for an agent that keeps state, but they imply the skill will write files in the agent workspace. If your environment restricts file writes or you expect explicit config-path declarations, confirm that writing to those files is allowed and safe.
- Install Mechanism (ok): Instruction-only skill with no install spec; this is low risk. It relies on standard CLI tools (curl, jq) already expected to be present.
- Credentials (ok): Only AIRTABLE_API_KEY is required and declared as the primary credential. The data accessed (emails, phone numbers, donation status) is consistent with that credential. No unrelated credentials or broad secrets are requested.
- Persistence & Privilege (note): always is false (normal). The skill allows autonomous invocation (platform default). Combined with access to participant PII, that increases the blast radius if misused; however the skill includes explicit behavior rules (read-only by default, require Austin approval for writes, never post PII to Slack). Review agent autonomy policies and who can invoke the skill.
