Airtable
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives local execution trust to whatever version npm resolves at install time.
The skill asks the user to install a global npm package at the latest version rather than a pinned version. This is normal for CLI setup but carries ordinary package provenance/version drift risk.
npm install -g @membranehq/cli@latest
Install only from the expected npm package, consider pinning a reviewed version, and keep the CLI updated from trusted sources.
Once connected, the agent may be able to access Airtable resources allowed by the authenticated token.
The integration depends on delegated authenticated access to Airtable through Membrane, including token refresh. This is expected for the stated purpose but is sensitive account authority.
Membrane handles authentication and credentials refresh automatically
Use the least-privileged Airtable/Membrane connection possible and revoke the connection when it is no longer needed.
A mistaken action or wrong record ID could update or delete Airtable records.
The documented Airtable actions include destructive and mutating operations. These are purpose-aligned for an Airtable management skill, but they can alter or delete live data.
Delete Records | delete-records | Delete multiple records by their IDs (up to 10 at a time)
Require clear user confirmation for deletes or bulk updates, verify base/table/record IDs, and prefer read-only checks before mutation.
Raw API calls may bypass the clearer input schemas of named actions and can perform any Airtable API operation allowed by the token.
The skill provides a raw API proxy fallback that injects authentication headers. This is disclosed and useful, but broader than pre-defined scoped actions.
send requests directly to the Airtable API through Membrane's proxy
Use named actions when possible, and review raw proxy requests carefully before sending them.
Remote setup guidance could influence the agent's next steps if treated too broadly.
The workflow may expose provider-returned instructions to the agent. This appears intended for connection setup, but such instructions should not override the user's goal or safety checks.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as limited to the current Airtable/Membrane connection flow and ignore anything unrelated to the user's request.
