Airtable MCP — security audit

Airtable MCP: trust score 68/100 — 3 capability surfaces.

↗ View server in catalog

Trust score

68

Grade C

Risk flags

  • Community-authored

    Maintained by Community. Confirm the repo and signing before installing.

  • No public repository linked

    Without a public repo we cannot independently audit the code. Caution warranted.

Capability surface

  • Process spawn

    Medium risk

    Launches subprocesses via docker, npx, uvx — supply-chain risk if package is compromised.

    Evidence: npx

  • Outbound network

    Medium risk

    Calls external APIs (GitHub, Slack, Stripe, etc.). Data leaves the machine.

    Evidence: api

  • Secrets handling

    Medium risk

    Requires API keys, tokens or credentials in env vars. Watch for placeholder leaks.

    Evidence: api_key

Trust signals

Total trust score is the sum of these contributions. Each signal carries a fixed weight.

  • Verified by Loadout

    +20 / 20

    Manually verified.

  • Official author

    +0 / 15

    Maintained by community contributors.

  • Community traction

    +18 / 20

    3,200 GitHub stars.

  • Public source

    +0 / 15

    No linked public repository.

  • Stability

    +15 / 15

    Tagged stable in our last review.

  • Capability surface

    +15 / 15

    No high-risk capabilities detected.

Disclaimer

This is an automated heuristic triage. It does not replace a hand-rolled code audit. Use it to prioritise which servers deserve a deeper look — especially anything carrying high-risk capabilities like shell execution or filesystem write.