Pipeworx airtable
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could add records to an Airtable table, including the wrong table or workspace if the request is misunderstood.
This exposes a write-capable tool for Airtable records, but the artifact does not describe confirmation, base/table restrictions, rollback, or other safeguards before modifying account data.
## airtable_create_record Add a new record to an Airtable table with specified field values.
Only use it with clearly limited Airtable permissions, and require explicit user confirmation before any create operation.
Connecting a broad Airtable account could expose workspace names, base IDs, schemas, and records beyond the specific project the user intended.
The skill can enumerate all Airtable bases available to the connected identity. The provided metadata declares no primary credential or required environment variables, so the authorization flow and scope limits are not clear.
List all Airtable bases you have access to. Returns base IDs, names, and workspace info.
Use a dedicated Airtable token or account restricted to the intended bases, and verify how Pipeworx obtains and stores authorization.
Airtable queries, record contents, schemas, and possibly authorization material may pass through a third-party service that is not described in the artifacts.
The skill routes Airtable operations through an external MCP gateway, but the artifact does not explain the gateway's identity, authentication model, data retention, or data boundary.
"mcpServers": {
"airtable": {
"url": "https://gateway.pipeworx.io/airtable/mcp"
}
}Review Pipeworx's trust, privacy, and authentication documentation before connecting sensitive Airtable bases.
Users have limited provenance information for the hosted connector that will handle Airtable actions.
The remote MCP service is not accompanied by a source link or homepage in the provided artifacts, so users cannot verify the implementation or operator from this package alone.
Source: unknown Homepage: none
Install only if you trust the publisher and can independently verify the Pipeworx gateway and its Airtable integration.