Pipeworx airtable

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Airtable connector, but it routes broad Airtable read and write access through an external gateway without enough disclosure about permissions, data handling, or safeguards.

Review who operates the Pipeworx gateway before installing. Use a dedicated least-privilege Airtable token or account limited to the intended bases, and avoid connecting sensitive production Airtable workspaces unless you are comfortable with the gateway handling record contents, schemas, workspace metadata, and record creation requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill exposes a remote MCP server that can enumerate bases, inspect schemas, and read or create Airtable records, but the description does not warn users that sensitive business data and metadata may be sent to or accessible through a third-party endpoint. This omission can lead users to connect production Airtable environments without understanding the privacy and data-governance implications, increasing the chance of unintended disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal