ClawHub

Teable

v1.0.6

Manage Teable resources with full CRUD for records, bases, spaces, tables, dashboards, and trash via API and command-line scripts.

0· 345·0 current·0 all-time
byKGTAF@killgfat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, README, and included Python scripts all align: this is a Teable API client that legitimately needs TEABLE_API_KEY and optionally TEABLE_URL. However, the registry-level 'Requirements' summary at the top of the package listing (which shows no required env vars / no primary credential) is inconsistent with the skill's own metadata (SKILL.md and clawhub.json) and the code that requires TEABLE_API_KEY. This mismatch is a documentation/packaging incoherence that could mislead users about what secrets the skill needs.
Instruction Scope
SKILL.md and the scripts limit behavior to calling the Teable API (default https://app.teable.ai or TEABLE_URL) using the provided API key. The runtime instructions only ask for TEABLE_API_KEY (required) and TEABLE_URL (optional) and show CLI usage; scripts include URL validation and output-path validation and do not attempt to read other system files or unrelated environment variables.
Install Mechanism
No packaged install spec beyond a small requirements.txt and instructions to install the requests library (pipx/pip). No downloads from arbitrary URLs or archive extraction are present. The code is provided directly in the skill bundle.
!
Credentials
Functionality requires a single API token (TEABLE_API_KEY), which is proportionate. However the top-level registry metadata in this listing incorrectly reports 'Required env vars: none' and 'Primary credential: none' while SKILL.md and clawhub.json declare TEABLE_API_KEY as required/primary. That inconsistency is concerning because it may trick users into installing without supplying or reviewing the token requirement.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and is user-invocable only. It does not modify other skills or system-wide agent settings; scripts run as ordinary CLI/Python code and do not claim elevated platform privileges.
What to consider before installing
This skill contains Python scripts that will send whatever you set in TEABLE_API_KEY to the Teable instance (defaults to https://app.teable.ai) or to a TEABLE_URL you provide. That behavior is expected for a client like this. Before installing or running it: 1) Be aware the package listing incorrectly omitted the required TEABLE_API_KEY in its top-level metadata—do not rely on the registry summary; the skill does require an API token. 2) Only use a token with minimal necessary scopes and consider creating a short-lived or limited-scope personal access token you can revoke. 3) Review the included scripts (they are provided) and confirm TEABLE_URL is correct if you use a self-hosted instance. 4) Run the scripts in an isolated environment (virtualenv/container) if you have any doubt, and monitor network traffic the first time to confirm endpoints are expected. 5) If you do not trust the source or cannot verify the token scopes, do not provide your primary Teable admin token—create a limited test token instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk971d3vje2j493k7089c14wshn81yj1d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments