Back to skill

Security audit

Airtable Cli

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Airtable command-line tool that can read and modify Airtable records, including deletes, with no evidence of hidden behavior or exfiltration.

Install only if you intend to let this tool operate on Airtable bases available to your token. Use a least-privileged Airtable personal access token, verify base/table/record IDs before writes or deletes, and back up or test on a non-production base before bulk create, update, upsert, import, or delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def has_self_test(fp):
    r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)
    return r.returncode == 0 and "PASS" in r.stdout
Confidence
98% confidence
Finding
r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
all_ok &= axis(False, "frontmatter (no SKILL.md)")
        all_ok &= axis(False, "docs (no SKILL.md)")
    # 3 compiles
    comp_ok = all(subprocess.run([sys.executable, "-m", "py_compile", fp],
                                capture_output=True).returncode == 0 for fp in files)
    all_ok &= axis(comp_ok, "compiles (py_compile all .py)")
    # 4 self-test (any of 3 valid forms)
Confidence
94% confidence
Finding
comp_ok = all(subprocess.run([sys.executable, "-m", "py_compile", fp], capture_output=True).returncode == 0 for fp in files)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tests = [os.path.join(folder, f) for f in os.listdir(folder)
                 if (f.startswith("test_") or f.endswith("_test.py")) and f.endswith(".py")]
        if tests:
            st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True,
                                      timeout=30).returncode == 0 for t in tests)
            st_note = f"{len(tests)} test_*.py"
        elif re.search(r"(?im)^test\s*:", skill_txt):
Confidence
98% confidence
Finding
st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True, timeout=30).returncode == 0 for t in tests)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README prominently advertises destructive capabilities such as record deletion, batch deletion, and CSV import/export but does not warn users that these operations can modify or irreversibly remove Airtable data. In an agent-oriented CLI context, this increases the chance of accidental destructive execution by users or automation that rely on the documentation for safe usage expectations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly advertises destructive operations such as record deletion and batch delete but provides no caution, confirmation guidance, or warning about irreversible remote data loss. In an agent context, this increases the chance of accidental execution against production Airtable data, especially when users rely on the README-like skill description to understand safety boundaries.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The CSV import/upsert capability can perform bulk writes or overwrite remote Airtable records, yet the skill description does not warn that a malformed CSV or wrong merge key could modify many records at once. In an automation or agent workflow, this omission makes accidental large-scale corruption or unintended updates more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.