Coda.io

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a straightforward Coda API helper, but it can change, delete, share, and trigger actions in Coda using your API token.

This skill appears coherent and purpose-aligned. Install it only if you are comfortable giving the agent a Coda API token, and treat delete, share, publish, and automation actions as confirmation-worthy operations.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill gives the agent the ability to act in Coda as allowed by the token, potentially across multiple docs or workspaces.

Why it was flagged

The skill requires a Coda API token, which is appropriate for the stated Coda integration but grants access according to that token's permissions.

Skill content

CODA_API_TOKEN (required): "Coda API token — get at https://coda.io/account → API settings"

Recommendation

Use the least-privileged or most limited token available, revoke it when no longer needed, and avoid sharing tokens in chat or logs.

What this means

A mistaken command or misunderstood request could delete Coda content, share a doc with another person, or trigger an automation.

Why it was flagged

The helper exposes destructive, access-changing, and workflow-triggering Coda operations. These are consistent with the stated purpose, but they are high-impact actions.

Skill content

delete-doc) ... _del "$BASE/docs/$1" ... share-doc) ... /acl/permissions ... trigger-automation) ... /hooks/automation/$2

Recommendation

Confirm doc IDs, table IDs, recipients, access levels, and automation rule IDs before allowing delete, share, publish, or automation-triggering actions.