Skill v1.2.0
ClawScan security
Coda.io · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 16, 2026, 8:24 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a straightforward Coda API helper, but the package metadata does not declare the required CODA_API_TOKEN even though the SKILL.md and script require it — an inconsistency worth noting before installing.
- Guidance: This skill is a coherent Coda API client, but note that the SKILL.md and included script require CODA_API_TOKEN even though the registry metadata does not declare it — that is a packaging inconsistency. Before installing: (1) only provide a Coda API token you trust, and create it with the least privilege possible (a dedicated account or a restricted scope) so you can revoke it easily; (2) review the scripts/coda.sh content yourself (it is short and uses curl to call https://coda.io/apis/v1); (3) never paste a high-privilege or personal token into an untrusted agent; create a token scoped to this skill instead; (4) if you need stronger assurance, ask the publisher for a homepage or source repository, or verify the publisher's identity, since the skill's source and homepage are unknown. If you are comfortable with these points, the skill appears to do what it claims.
Review Dimensions
- Purpose & Capability
- note: Name, description, SKILL.md, API reference, and the included script all align with a Coda REST API helper. The operations the skill performs (list/read/write/share/automations) match the stated purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md and scripts explicitly require CODA_API_TOKEN — a packaging/metadata inconsistency.
- Instruction Scope
- ok: Runtime instructions and the helper script limit actions to calling Coda's documented REST endpoints using the CODA_API_TOKEN. The skill does not instruct reading unrelated files or other env vars, or contacting unexpected external endpoints. All documented commands are scoped to Coda API interactions.
- Install Mechanism
- ok: There is no install spec (instruction-only) and a small helper script is included. Nothing in the manifest downloads or extracts external code from untrusted URLs, so install risk is low. The helper script runs locally, with the invoking user's privileges, whenever it is executed.
- Credentials
- concern: The skill requires a single API credential (CODA_API_TOKEN), which is appropriate for the declared purpose. However, the registry metadata/requirements do not declare that env var (the registry says none are required) while SKILL.md and scripts require it — this mismatch can mislead users into thinking no credentials are needed. The requested secret name is appropriate for Coda, but users should limit the token's scope and treat it as sensitive.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide agent settings. Autonomous invocation (disable-model-invocation=false) is the default and not by itself a red flag; it is not combined with other high-risk requests here.
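The checks that Guidance items (2) and (3) and the Credentials and Instruction Scope findings describe can be scripted before installing. The following is an added example, not ClawHub's scanner and not the skill's own coda.sh: it builds a constructed sample skill whose SKILL.md, scripts/coda.sh and metadata.json are assumptions modelled on the review above (the real package's metadata layout is not shown on this page), then reports environment variables the files reference but the metadata does not declare, and any host other than coda.io that the scripts would contact.

```shell
#!/bin/sh
# Added pre-install audit for a skill package (example code, not ClawHub's
# scanner and not the skill's own script). It lists the environment variables
# and hosts the skill's docs and scripts reference and compares them with the
# package metadata, which is what the metadata-mismatch finding is about.

# Construct a sample skill modelled on the review's description. The file
# contents and the metadata.json layout ("requires.env" as a list of names)
# are assumptions for this example, not the real package.
make_sample_skill() {
  dir=$(mktemp -d)
  mkdir -p "$dir/scripts"
  cat > "$dir/SKILL.md" <<'EOF'
# Coda helper
Set CODA_API_TOKEN before running scripts/coda.sh.
EOF
  cat > "$dir/scripts/coda.sh" <<'EOF'
#!/bin/sh
curl -sS -H "Authorization: Bearer $CODA_API_TOKEN" "https://coda.io/apis/v1/$1"
EOF
  # Registry metadata that declares no required env vars (the inconsistency).
  printf '{"name":"coda","requires":{"env":[]}}\n' > "$dir/metadata.json"
  echo "$dir"
}

# Upper-case identifiers containing an underscore, with or without $ / ${},
# taken from SKILL.md and everything under scripts/. A heuristic for env vars.
referenced_env_vars() {
  grep -hoE '\$?\{?[A-Z][A-Z0-9]*_[A-Z0-9_]+\}?' "$1/SKILL.md" "$1"/scripts/* \
    | tr -d '${}' | sort -u
}

# Names listed under "env" in metadata.json (assumed layout, see above).
declared_env_vars() {
  grep -oE '"env":\[[^]]*\]' "$1/metadata.json" \
    | grep -oE '"[A-Z][A-Z0-9_]+"' | tr -d '"' | sort -u
}

# Env vars the skill uses but does not declare.
undeclared_env_vars() {
  decl=$(declared_env_vars "$1" | tr '\n' ' ')
  for v in $(referenced_env_vars "$1"); do
    case " $decl " in *" $v "*) ;; *) echo "$v" ;; esac
  done
}

# Hosts named in URLs under scripts/.
referenced_hosts() {
  grep -hoE 'https?://[A-Za-z0-9.-]+' "$1"/scripts/* | cut -d/ -f3 | sort -u
}

# Hosts other than the one the skill is supposed to talk to.
unexpected_hosts() {
  for h in $(referenced_hosts "$1"); do
    [ "$h" = "coda.io" ] || echo "$h"
  done
}

skill_dir=$(make_sample_skill)
echo "env vars referenced but not declared in metadata:"
undeclared_env_vars "$skill_dir"       # prints CODA_API_TOKEN
echo "hosts contacted outside the allowlist:"
unexpected_hosts "$skill_dir"          # prints nothing
```

On the sample it reports CODA_API_TOKEN as undeclared and no unexpected hosts, which matches the review's findings. Point the functions at the real skill directory once it is unpacked; the env-var match is a heuristic (upper-case names containing an underscore), so read the flagged lines rather than trusting the list alone.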
