Teable

Security checks across malware telemetry and agentic risk

Overview

This Teable integration is legitimate in purpose, but it gives an agent broad data-changing and permanent deletion abilities without clear safeguards.

Review before installing. Use a least-privilege Teable token, avoid production data until tested, verify resource IDs before running any delete/reset command, and consider adding confirmation or dry-run safeguards before allowing an agent to use permanent deletion or trash-emptying commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents destructive trash operations such as reset, restore, and permanent delete without any warning about irreversible data loss or recommending confirmation before execution. In an agent skill context, this increases the chance of accidental or automated destructive actions against user data, especially because the commands are presented as routine usage examples.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation instructs users to place a personal access token directly in shell commands and persistent shell startup files without warning about exposure through shell history, process listings, shared terminals, screenshots, or insecure dotfile storage. This can lead to credential disclosure and unauthorized API access to Teable resources.

Missing User Warnings

Medium
Confidence: 95%
Finding
The usage examples include destructive actions such as deleting bases, tables, records, emptying trash, and permanently deleting items without any warning, safeguard note, or confirmation step. In operational documentation, this can lead users to run irreversible commands against real data by copy-pasting examples, increasing the risk of accidental data loss.

Missing User Warnings

Low
Confidence: 83%
Finding
The documentation instructs users to export an API key and later suggests echoing the environment variable to troubleshoot 401 errors, but does not warn that this reveals a sensitive credential in terminal history, logs, screenshots, or shared sessions. While common in examples, this weakens secret-handling hygiene and may lead to inadvertent token exposure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The delete operation performs an irreversible API call immediately with no confirmation prompt, dry-run mode, or force flag. In a CLI or agent context, this increases the chance of accidental destructive actions from user error, malformed automation, or prompt/parameter manipulation, resulting in unintended space deletion.

Missing User Warnings

Medium
Confidence: 91%
Finding
The reset command empties trash immediately after parsing arguments, with no interactive confirmation, dry-run mode, or force flag gating the destructive action. In a CLI or agent context, this increases the chance of accidental mass deletion from mistyped arguments, automation mistakes, or prompt-induced misuse, especially because the operation affects an entire resource's trash rather than a single item.

Missing User Warnings

High
Confidence: 95%
Finding
The delete command can permanently remove one or many trash items without any warning, confirmation, or safeguard distinguishing reversible and irreversible actions. This is more dangerous than reset because it performs permanent deletion and supports batch item IDs, so a malformed input, automation bug, or manipulated agent instruction can cause unrecoverable data loss at scale.

VirusTotal

66/66 vendors flagged this skill as clean.
