Skip to main content

airtable

Interacts with Airtable's REST API using curl for CRUD operations, enabling efficient data management and integration.

Install this skill

or
0/100

Security score

The airtable skill was audited on May 17, 2026 and we found 41 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 46

Curl to non-GitHub URL

SourceSKILL.md
46curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?maxRecords=5" \
medium line 75

Curl to non-GitHub URL

SourceSKILL.md
75curl -s "https://api.airtable.com/v0/meta/bases" \
medium line 81

Curl to non-GitHub URL

SourceSKILL.md
81curl -s "https://api.airtable.com/v0/meta/bases/$BASE_ID/tables" \
medium line 88

Curl to non-GitHub URL

SourceSKILL.md
88curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?maxRecords=10" \
medium line 94

Curl to non-GitHub URL

SourceSKILL.md
94curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
medium line 103

Curl to non-GitHub URL

SourceSKILL.md
103curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?filterByFormula=$ENC&maxRecords=20" \
medium line 117

Curl to non-GitHub URL

SourceSKILL.md
117curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?sort%5B0%5D%5Bfield%5D=Priority&sort%5B0%5D%5Bdirection%5D=asc&fields%5B%5D=Name&fields%5B%5D=Status" \
medium line 124

Curl to non-GitHub URL

SourceSKILL.md
124curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?view=Grid%20view&maxRecords=50" \
medium line 133

Curl to non-GitHub URL

SourceSKILL.md
133curl -s -X POST "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
medium line 141

Curl to non-GitHub URL

SourceSKILL.md
141curl -s -X POST "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
medium line 156

Curl to non-GitHub URL

SourceSKILL.md
156curl -s -X PATCH "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
medium line 164

Curl to non-GitHub URL

SourceSKILL.md
164curl -s -X PATCH "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
medium line 178

Curl to non-GitHub URL

SourceSKILL.md
178curl -s -X DELETE "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
medium line 184

Curl to non-GitHub URL

SourceSKILL.md
184curl -s -X DELETE "https://api.airtable.com/v0/$BASE_ID/$TABLE?records%5B%5D=rec1&records%5B%5D=rec2" \
high line 206

Curl to non-GitHub URL

SourceSKILL.md
2061. **Confirm auth.** `curl -s -o /dev/null -w "%{http_code}\n" https://api.airtable.com/v0/meta/bases -H "Authorization: Bearer $AIRTABLE_API_KEY"` — expect `200`.
medium line 29

Access to hidden dotfiles in home directory

SourceSKILL.md
294. Store the token in `~/.hermes/.env` (or via `hermes setup`):
medium line 225

Access to hidden dotfiles in home directory

SourceSKILL.md
225- **`AIRTABLE_API_KEY` flows from `~/.hermes/.env` into the subprocess automatically** when this skill is loaded — no need to re-export it before each `curl` call.
medium line 29

Access to .env file

SourceSKILL.md
294. Store the token in `~/.hermes/.env` (or via `hermes setup`):
medium line 225

Access to .env file

SourceSKILL.md
225- **`AIRTABLE_API_KEY` flows from `~/.hermes/.env` into the subprocess automatically** when this skill is loaded — no need to re-export it before each `curl` call.
low line 14

External URL reference

SourceSKILL.md
14homepage: https://airtable.com/developers/web/api/introduction
low line 23

External URL reference

SourceSKILL.md
231. Create a **Personal Access Token (PAT)** at https://airtable.com/create/tokens (tokens start with `pat...`).
low line 38

External URL reference

SourceSKILL.md
38- **Endpoint:** `https://api.airtable.com/v0`
low line 46

External URL reference

SourceSKILL.md
46curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?maxRecords=5" \
low line 64

External URL reference

SourceSKILL.md
64| URL / Email / Phone | `"Link": "https://…"` |
low line 65

External URL reference

SourceSKILL.md
65| Attachment | `"Files": [{"url": "https://…"}]` (Airtable fetches + rehosts) |
low line 75

External URL reference

SourceSKILL.md
75curl -s "https://api.airtable.com/v0/meta/bases" \
low line 81

External URL reference

SourceSKILL.md
81curl -s "https://api.airtable.com/v0/meta/bases/$BASE_ID/tables" \
low line 88

External URL reference

SourceSKILL.md
88curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?maxRecords=10" \
low line 94

External URL reference

SourceSKILL.md
94curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
low line 103

External URL reference

SourceSKILL.md
103curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?filterByFormula=$ENC&maxRecords=20" \
low line 117

External URL reference

SourceSKILL.md
117curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?sort%5B0%5D%5Bfield%5D=Priority&sort%5B0%5D%5Bdirection%5D=asc&fields%5B%5D=Name&fields%5B%5D=Status" \
low line 124

External URL reference

SourceSKILL.md
124curl -s "https://api.airtable.com/v0/$BASE_ID/$TABLE?view=Grid%20view&maxRecords=50" \
low line 133

External URL reference

SourceSKILL.md
133curl -s -X POST "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
low line 141

External URL reference

SourceSKILL.md
141curl -s -X POST "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
low line 156

External URL reference

SourceSKILL.md
156curl -s -X PATCH "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
low line 164

External URL reference

SourceSKILL.md
164curl -s -X PATCH "https://api.airtable.com/v0/$BASE_ID/$TABLE" \
low line 178

External URL reference

SourceSKILL.md
178curl -s -X DELETE "https://api.airtable.com/v0/$BASE_ID/$TABLE/$RECORD_ID" \
low line 184

External URL reference

SourceSKILL.md
184curl -s -X DELETE "https://api.airtable.com/v0/$BASE_ID/$TABLE?records%5B%5D=rec1&records%5B%5D=rec2" \
low line 195

External URL reference

SourceSKILL.md
195URL="https://api.airtable.com/v0/$BASE_ID/$TABLE?pageSize=100"
low line 206

External URL reference

SourceSKILL.md
2061. **Confirm auth.** `curl -s -o /dev/null -w "%{http_code}\n" https://api.airtable.com/v0/meta/bases -H "Authorization: Bearer $AIRTABLE_API_KEY"` — expect `200`.
low line 219

External URL reference

SourceSKILL.md
219- **Per-base token scoping.** A `403` on one base while another works means the token's Access list doesn't include that base — not a scope or auth issue. Send the user to https://airtable.com/create/
Scanned on May 17, 2026
View Security Dashboard
Installation guide →
GitHub Stars 153.5K
Rate this skill
Categorydata analytics
UpdatedMay 20, 2026
openclawapidatabasedata-analystbackend-developergrowth-marketerairtabledata analyticsdevelopmentmarketing
NousResearch/hermes-agent