Native Airtable
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward read-only Airtable helper, but it uses an Airtable personal access token, so the token should be scoped carefully.
Before installing, make sure you are comfortable letting the agent read Airtable data covered by AIRTABLE_PAT. Use a dedicated read-only token, restrict it to specific bases rather than all bases when possible, and avoid using a token with unnecessary permissions.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broadly scoped token could let the agent retrieve sensitive Airtable business, customer, or project records during normal use.
The skill requires an Airtable personal access token with schema and record read permissions; if the user grants access to all bases, the agent can read data from every base covered by that token.
Add scopes: - `data.records:read` - `schema.bases:read` ... Under **Access**, select which bases to grant access to (or all)
Create a dedicated Airtable PAT with only the listed read-only scopes and grant it access only to the specific bases needed; revoke or rotate it when no longer needed.