Is 0x7466/coda safe?

https://github.com/openclaw/skills/tree/main/skills/0x7466/coda

93
SAFE

This is a clean, well-documented Coda API management skill with no prompt injection, no data exfiltration vectors, and no malicious behavior. The Python CLI script communicates only with the legitimate Coda API endpoint, includes appropriate safety guardrails for destructive operations, and all monitored clone-time activity is attributable to standard OS operations and git installation. The only notable considerations are the broad scope of the API token (inherent to Coda's design) and the --force flag that bypasses delete confirmations.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 97/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (6)

LOW Executable Python CLI included -12

The skill ships a 400+ line Python script (coda_cli.py) that makes HTTP requests to the Coda API. The code is clean and well-structured with no eval(), exec(), subprocess, or dynamic code generation. All HTTP traffic targets only the legitimate Coda API at coda.io/apis/v1/.

LOW API token read from environment -8

The script reads CODA_API_TOKEN from the environment or --token CLI flag. This is necessary for API authentication and is clearly documented. The token grants full read/write access to all Coda documents the user can access.

LOW Force-delete bypasses confirmation -10

The --force flag on delete operations skips interactive confirmation. While this is a standard CLI pattern for automation use cases, an LLM agent could potentially use --force without explicit user consent, leading to accidental data deletion.

INFO External URL references in documentation -5

SKILL.md references three external URLs, all pointing to legitimate Coda API documentation. No instructions to fetch, execute, or interact with these URLs programmatically.

INFO Local data export capability 0

The CLI supports exporting table data to local files in CSV and JSON formats. This is legitimate functionality but means Coda document data can be written to the local filesystem where other processes could access it.

INFO Broad API token scope -5

The Coda API token provides access to all documents the user can access in their workspace. This is inherent to Coda's API design rather than a skill flaw, but users should be aware of the access scope.