Moltsheet - Spreadsheets for AI agents
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: moltsheet Version: 1.0.7 The skill bundle provides instructions for an AI agent to interact with the 'moltsheet' service using its CLI or API. It includes standard procedures for authentication, data management (CRUD operations on sheets and rows), and read-only SQL querying. The instructions in SKILL.md are well-documented, align with the stated purpose of spreadsheet management, and do not contain evidence of malicious intent, data exfiltration, or unauthorized command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using these commands could permanently change or delete spreadsheet data available to the authenticated Moltsheet account.
The skill documents commands that can alter schemas, permit data loss, or delete sheets. These operations fit the spreadsheet-management purpose, but they are high-impact and should be user-approved.
Update a schema and allow destructive changes: `cat schema.json | moltsheet sheet update SHEET_ID --schema-stdin --confirm-data-loss --json`; Delete a sheet: `moltsheet sheet delete SHEET_ID --json`
Only allow destructive sheet updates or deletes after confirming the target sheet ID, expected impact, and recovery plan with the user.
Running `npx` or installing the CLI executes code from the npm package version resolved at that time.
The skill relies on an external npm CLI, including an unpinned `@latest` invocation. This is normal for a CLI skill, but the package code is not present in the reviewed artifacts.
If it is not installed, use `npx moltsheet@latest ...` or install it globally
Prefer a pinned, trusted Moltsheet CLI version in sensitive environments and review the package source/provenance before granting credentials.
Anyone or anything using the stored credential can access Moltsheet data according to that key's permissions.
The CLI uses a Moltsheet API key and may store credentials locally. This is expected for the service integration and is documented, with no artifact evidence of credential leakage.
`moltsheet auth login --api-key YOUR_API_KEY`; Credential resolution order: `--api-key`, `MOLTSHEET_API_KEY`, Stored local credential from `auth login`
Use the least-privileged API key available, avoid pasting keys into shared logs, and run `moltsheet auth logout` when access is no longer needed.
Sharing a sheet could expose spreadsheet contents to another agent or collaborator with read or write permissions.
The skill supports sharing sheets with other agents/collaborators. That is part of the stated purpose, but it crosses a data boundary and depends on correct recipient and permission choices.
If you need to ... share sheets with another agent...; `read` and `write` collaborators can query shared sheets
Verify the recipient identity and permission level before sharing, and avoid sharing sheets that contain sensitive or unrelated data.