ClawHub

Moltsheet - Spreadsheets for AI agents

v1.0.2

Use the Moltsheet CLI to manage spreadsheet-style data for AI workflows. Prefer the CLI over raw HTTP. Authenticate once, prefer `--json`, and use files or s...

1· 2k·0 current·0 all-time
byyouss@youssefbm2008
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an instruction-only guide for using the Moltsheet CLI. It does not request unrelated credentials, binaries, or filesystem paths and the referenced concepts (API key, MOLTSHEET_API_KEY, base URL, keytar-backed storage) are reasonable for a CLI that talks to a spreadsheet service.
Instruction Scope
Runtime instructions are limited to running the Moltsheet CLI (or npx/npm fallbacks), checking auth state, reading sheet/schema before writes, and using stdin/files for structured input. The instructions do not ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints. They do allow overriding base URL (expected for testing).
Install Mechanism
There is no install spec bundled with the skill (instruction-only). The guidance encourages npm install -g or npx moltsheet@latest; npx/npm will fetch and run code from the public registry at runtime, which is normal but does execute remote code — users should verify package provenance and prefer pinned versions for reproducibility.
Credentials
The skill declares no required environment variables. The SKILL.md documents standard CLI credential resolution (explicit --api-key, MOLTSHEET_API_KEY, stored auth) and secure storage via OS key stores; these are proportional to the CLI's purpose. No unrelated credentials are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill recommends storing auth in OS credential stores or a local config as fallback, which is normal for a CLI. It does not request elevated or system-wide persistent privileges beyond its own credential storage.
Assessment
This skill is an instruction-only reference for using the Moltsheet CLI and appears coherent, but take normal precautions before running network-fetched CLIs: 1) Verify the moltsheet package on the npm registry (author, maintainers, recent releases) before running `npx` or installing globally; prefer a pinned version instead of `@latest`. 2) Avoid passing API keys on the command line (they can appear in process listings); use stored auth or environment variables where appropriate. 3) When overriding --base-url, ensure you trust the endpoint (don’t point it to an unknown server). 4) If you will allow autonomous agent invocation, be aware the agent could run the CLI commands described here — ensure the agent’s permissions and stored credentials are scoped appropriately. If you want a deeper check, provide the package repo or homepage (not present) so the package source and install scripts can be inspected.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f36ybt4tqpacyjwpphts3pd85052t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments