Airtable
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: airtable Version: 1.0.7 The skill provides a standard integration for Airtable via the Maton API gateway (api.maton.ai), facilitating managed OAuth and CRUD operations. The code snippets in SKILL.md use standard Python libraries (urllib) to interact with the documented API endpoints, and the instructions include explicit security guidance for the agent to seek user approval before performing write operations. No indicators of data exfiltration, malicious execution, or obfuscation were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can change or delete Airtable records in the connected account.
The skill can perform high-impact Airtable write operations, including updates and deletes, but it discloses this capability and requires explicit user confirmation.
Manage bases, tables, and records with full CRUD operations. ... All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Before approving write actions, verify the exact base, table, records, and intended effect; consider backups or Airtable revision history for important data.
Anyone or any agent with the Maton API key may be able to use the connected Airtable permissions exposed through this integration.
The skill relies on a Maton API key and delegated OAuth access to act against the user’s Airtable account, which is expected for this integration but sensitive.
Access the Airtable API with managed OAuth authentication. ... Authorization: Bearer $MATON_API_KEY ... Maton proxies requests to `api.airtable.com` and automatically injects your OAuth token.
Keep the MATON_API_KEY secret, connect only the intended Airtable account, and revoke the Maton/Airtable connection if access is no longer needed.
Airtable record contents, queries, and metadata sent through the skill may be visible to or processed by Maton as the proxy provider.
Airtable requests and responses pass through Maton’s API gateway before reaching Airtable, creating a third-party data flow that users should understand.
Base URL: https://api.maton.ai/airtable/{native-api-path} ... Maton proxies requests to `api.airtable.com` and automatically injects your OAuth token.Use this only for Airtable data you are comfortable routing through Maton, and review Maton’s account, connection, and privacy settings.