Sheetdb
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The SheetDB skill is coherent, but it gives the agent broad, authenticated ability to modify or delete spreadsheet data through Membrane, with no confirmation or scoping limit visible in the artifact.
Before installing, confirm that you trust both Membrane and the npm CLI package the skill depends on, connect only the SheetDB account or spreadsheet you intend to use, and require the agent to ask before any write, delete, or bulk-change operation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so behavior that only appears at runtime is outside its scope.
An agent using this skill could create, update, or delete data in the connected SheetDB sheet if a user request is ambiguous or broader than the user intended.
The skill exposes both a generic action runner and a raw API proxy to the SheetDB API, and the proxy accepts mutating and destructive HTTP methods. Nothing in the visible artifact requires confirmation or scoping before spreadsheet-backed records are changed.
Evidence (quoted from the skill artifact): "membrane action run <actionId> --connectionId=CONNECTION_ID --input ..." and "HTTP method (GET, POST, PUT, PATCH, DELETE)"
Mitigation: require explicit user approval before any create, update, delete, or bulk operation; show the target connection and the affected sheet or rows in the approval prompt; and prefer the scoped, listed actions over raw proxy requests, since a listed action bounds what the agent can do while the raw proxy does not.
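One way to implement that approval gate on the agent side, as an added example (not code from the SheetDB skill, Membrane, or ClawScan): a small Python policy layer that classifies a raw proxy request before it is sent and produces the prompt the user must approve, naming the connection and the rows at stake. The ProxyRequest shape, BULK_THRESHOLD, and the assumed SheetDB conventions (write bodies carrying rows under a "data" key, a targeted DELETE naming a column/value selector after the API id in the path) are assumptions of the example, not facts from the report; the sample requests in the block are constructed.

```python
"""Approval gate for SheetDB requests an agent wants to send through Membrane's proxy.

Added example, not code from the skill, Membrane, or ClawScan. Assumptions:
the ProxyRequest shape, BULK_THRESHOLD, and the SheetDB conventions that a
POST/PUT/PATCH body carries rows under a "data" key and that a targeted DELETE
names a column/value selector after the API id. Call decide() in front of
whatever sends the request; the Decision is what the agent shows the user.
"""
from dataclasses import dataclass
from typing import Any, Optional

READ_METHODS = {"GET", "HEAD", "OPTIONS"}
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
BULK_THRESHOLD = 10  # assumption: a change touching this many rows or more is "bulk"


@dataclass(frozen=True)
class ProxyRequest:
    """A raw SheetDB API request the agent intends to issue via the proxy."""
    connection_id: str
    method: str
    path: str                 # assumed SheetDB form, e.g. "/api/v1/<api-id>/id/42"
    body: Any = None          # assumed SheetDB form for writes: {"data": [row, ...]}


@dataclass(frozen=True)
class Decision:
    needs_approval: bool
    category: str                  # "read", "write", "delete", "bulk" or "unknown"
    affected_rows: Optional[int]   # None when the request itself does not bound it
    prompt: str                    # text to show the user; empty when no approval is needed


def _row_count(req: ProxyRequest) -> Optional[int]:
    """Rows a write touches, judged from the request body alone (None = unbounded)."""
    body = req.body
    if isinstance(body, dict) and isinstance(body.get("data"), list):
        return len(body["data"])          # assumed SheetDB bulk form
    if isinstance(body, dict) and body:
        return 1                          # a single row object
    return None


def _delete_is_scoped(req: ProxyRequest) -> bool:
    """True when the DELETE path carries a column/value selector (assumed form)."""
    return len([s for s in req.path.split("/") if s]) >= 5


def _prompt(req: ProxyRequest, category: str, rows: Optional[int]) -> str:
    scope = (str(rows) if rows is not None
             else "not bounded by the request; preview the matching rows in the sheet first")
    return (f"[{category.upper()}] {req.method.upper()} {req.path} via connection {req.connection_id}\n"
            f"affected rows: {scope}\n"
            "This is a raw proxy request; approve only if no scoped listed action can do it.\n"
            "Proceed? [y/N]")


def decide(req: ProxyRequest) -> Decision:
    """Classify a request; everything except a plain read needs user approval."""
    method = req.method.upper()
    if method in READ_METHODS:
        return Decision(needs_approval=False, category="read", affected_rows=None, prompt="")
    if method not in MUTATING_METHODS:
        # Refuse-by-default for anything unrecognised rather than letting the proxy decide.
        return Decision(True, "unknown", None, _prompt(req, "unknown", None))
    rows = _row_count(req)
    if method == "DELETE":
        category = "delete" if _delete_is_scoped(req) else "bulk"
    elif rows is None or rows >= BULK_THRESHOLD:
        category = "bulk"   # unbounded or large changes are treated as bulk
    else:
        category = "write"
    return Decision(True, category, rows, _prompt(req, category, rows))


if __name__ == "__main__":
    # Constructed sample requests; "conn-1" and "abc" are placeholders.
    samples = [
        ProxyRequest("conn-1", "GET", "/api/v1/abc"),
        ProxyRequest("conn-1", "POST", "/api/v1/abc", {"data": [{"name": "x"}]}),
        ProxyRequest("conn-1", "POST", "/api/v1/abc", {"data": [{"n": i} for i in range(10)]}),
        ProxyRequest("conn-1", "DELETE", "/api/v1/abc/id/42"),
        ProxyRequest("conn-1", "DELETE", "/api/v1/abc"),
    ]
    for r in samples:
        d = decide(r)
        print(d.category, "approval" if d.needs_approval else "auto", "\n" + d.prompt if d.prompt else "")
```

Reads pass straight through; every other method stalls until the user sees the connection and row count. The "unbounded" case (a DELETE with no selector, or a write whose body cannot be counted) is deliberately classified as bulk rather than as a normal write, because that is where an ambiguous user request does the most damage.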
Connecting the skill lets Membrane-backed actions access SheetDB data with the authority of the authenticated account.
The skill requires delegated Membrane/SheetDB authentication, and Membrane refreshes the credentials automatically. That is expected for this kind of integration, but it means the connection carries account-level access that persists until it is revoked, so it should be approved deliberately rather than as a side effect of installation.
Evidence (quoted from the skill artifact): "Membrane handles authentication and credentials refresh automatically" and "membrane login --tenant --clientName=<agentType>"
Mitigation: connect only the account intended for this use, review the permissions the SheetDB connection is granted, and revoke the connection as soon as it is no longer needed.
A future release of the npm package could silently change the behavior of the CLI the skill depends on.
The skill instructs users to install the Membrane CLI globally from npm using the floating @latest dist-tag, and to run it through npx with no version at all, which likewise resolves to the latest published version. The CLI is central to the skill, yet nothing pins it to a reviewed release: whatever is on the registry at install time is what runs.
Evidence (quoted from the skill artifact): "npm install -g @membranehq/cli@latest" and "npx @membranehq/cli"
Mitigation: install only if you trust the Membrane CLI's publisher and source, and where possible pin an exact version you have reviewed (an explicit X.Y.Z in place of @latest), re-reviewing before you deliberately upgrade.
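A quick static check that catches exactly this, as an added example (not part of the ClawScan report, the skill, or the Membrane CLI): scan the install text for npm and npx invocations, classify each package spec as an exact version or a floating dist-tag/range, and emit the pinned form to use instead. The SAMPLE_SKILL_MD in the block is constructed from the commands the report quotes, and 1.2.3 is a placeholder version, not a real release of the package.

```python
"""Static check: flag unpinned npm package specs in a skill's install instructions.

Added example, not part of the ClawScan report, the SheetDB skill, or the
Membrane CLI. SAMPLE_SKILL_MD is constructed from the commands the report
quotes; "1.2.3" in it is a placeholder, not a real release of the package.
"""
import re
from typing import List, Tuple

# npm install/i/add (with any flags) or npx, followed by one package spec.
# The spec may be scoped (@scope/name) and may carry @<version|range|tag>.
_NPM_CMD = re.compile(
    r"""\b(?:npm\s+(?:install|i|add)(?:\s+-[-\w=]+)*|npx)\s+"""
    r"""((?:@[\w.-]+/)?[\w.-]+(?:@[^\s"'`]+)?)"""
)
# An exact semver version, optionally with pre-release/build metadata. Anything
# else after the '@' is a dist-tag (latest, next, ...) or a range (^, ~, >=).
_EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


def split_spec(spec: str) -> Tuple[str, str]:
    """Split 'name@version' into (name, version); version is '' when absent.
    A scoped name's leading '@' is not a version separator, so skip past the '/'."""
    start = spec.find("/") if spec.startswith("@") else 0
    at = spec.find("@", start)
    if at == -1:
        return spec, ""
    return spec[:at], spec[at + 1:]


def is_pinned(spec: str) -> bool:
    """True only when the spec names one exact version."""
    return bool(_EXACT_VERSION.match(split_spec(spec)[1]))


def find_unpinned_npm_specs(text: str) -> List[Tuple[str, str, str]]:
    """Return (command, spec, reason) for each npm/npx invocation whose spec floats."""
    findings = []
    for m in _NPM_CMD.finditer(text):
        spec = m.group(1)
        _, version = split_spec(spec)
        if _EXACT_VERSION.match(version):
            continue
        if not version:
            reason = "no version given; resolves to the registry's current 'latest'"
        else:
            reason = f"'{version}' is a dist-tag or range, not an exact version"
        findings.append((m.group(0), spec, reason))
    return findings


def pinned_install_command(spec: str, version: str) -> str:
    """Rewrite a spec to a global install of one exact, reviewed version."""
    name, _ = split_spec(spec)
    if not _EXACT_VERSION.match(version):
        raise ValueError(f"{version!r} is not an exact version")
    return f"npm install -g {name}@{version}"


# Constructed from the commands the report quotes; 1.2.3 is a placeholder version.
SAMPLE_SKILL_MD = """\
Install the CLI: npm install -g @membranehq/cli@latest
Or run it without installing: npx @membranehq/cli login --tenant --clientName=<agentType>
Pinned alternative (placeholder version): npm install -g @membranehq/cli@1.2.3
"""

if __name__ == "__main__":
    for cmd, spec, reason in find_unpinned_npm_specs(SAMPLE_SKILL_MD):
        print(f"UNPINNED  {spec:28} in `{cmd}`: {reason}")
    print("suggested:", pinned_install_command("@membranehq/cli@latest", "1.2.3"))
```

Run it over the skill's SKILL.md and install specs before installing; the two quoted commands are both reported, while the exact-version form passes. Note that a global `npm install -g` does not consult a lockfile, so the pinned command itself is the only thing holding the version fixed.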
SheetDB request contents, including record data, transit Membrane's infrastructure whenever the proxy is used.
The skill routes SheetDB requests through Membrane, which acts as an authenticated gateway and injects the credentials itself. This is disclosed and consistent with the skill's purpose, but it places a third party in the path of both the data and the credentials, so Membrane's handling of them becomes part of your trust boundary.
Evidence (quoted from the skill artifact): "send requests directly to the SheetDB API through Membrane's proxy" and "injects the correct authentication headers"
Mitigation: use the proxy only for SheetDB data you are comfortable routing through Membrane, and do not connect sheets holding sensitive or regulated data unless your data-handling policy permits that third-party path.
