Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using it.

Clickup Operational

v1.0.0

Execute and validate ClickUp workspace, folder, list, task, and assignment operations deterministically with full error handling and progress diagnostics.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The README/spec claims full ClickUp API automation (creating workspaces, inviting users, reading all tasks, webhooks) and integration with "brain" systems (Mem0, Neo4j, SQLite), yet the skill declares no required environment variables, no primary credential, and no required config paths. Real ClickUp operations need an API token with the appropriate scopes, and the Neo4j, SQLite and Mem0 integrations need connection URIs or credentials. The declared requirements therefore do not match the stated purpose.
Instruction Scope
SKILL.md instructs the agent to scan tasks, find and invite users, post comments (including @mentions), attach external artifacts (Loom), and auto-store every operation into Mem0, Neo4j and SQLite. That goes well beyond a passive helper: the instructions read workspace state, modify resources, and persist data to other systems. The spec also references fallbacks to 'MCP' and a 'People graph' without describing their endpoints or privacy controls, so the agent is asked to access and transmit data with no statement of where the credentials and configuration come from.
Install Mechanism
There is no install spec and no code files are shipped, yet the spec refers to a substantive codebase (scripts/, a clickup-op CLI, tests) and documents CLI commands and Python function examples as if the binaries existed. Commands that are referenced but not provided are a red flag: either the skill is incomplete, or it expects an external implementation to already be present in the environment, which should have been declared.
Credentials
No environment variables, tokens, or config paths are declared, yet the operational steps require a ClickUp API token with OAuth scopes, database connection strings (a Neo4j URI, a SQLite file path or URI), and most likely access to a People graph and to email/invite capabilities. The skill also implies the ability to post comments and upload attachments. Broad, unspecified credentials would be disproportionate for a skill of this kind, and the absence of any explicit credential requirement is a coherence problem.
Persistence & Privilege
The skill states that it will auto-store every successful operation into persistent systems (Mem0, Neo4j, SQLite). Although it is marked always:false (not force-included), the spec envisions persistent writes to multiple backends, which require clear consent, declared storage locations, and retention rules; none of these is declared. There is no evidence of how or where data is stored, or of how the brain credentials are supplied, which increases the risk of unexpected data persistence or leakage.
What to consider before installing
Do not install or grant permissions yet. The skill's spec describes automated ClickUp operations and writes to external "brain" systems, but the package contains only documentation (no code or installer) and declares no API tokens, database URIs, or install steps. Ask the publisher for: (1) source code or a verifiable homepage/repo; (2) an explicit install mechanism and a checksummed release; (3) a clear list of required environment variables (ClickUp API token and scopes, Neo4j/SQLite/Mem0 connection details) and why each is needed; (4) a privacy/retention policy for stored data and where the Mem0/Neo4j writes will live; (5) whether the skill will invite users or send emails, and what scopes that requires. Until you can review the code and confirm the exact credentials and endpoints, test only in a sandbox ClickUp workspace with least-privilege API tokens and no access to sensitive data.
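The three coherence checks the scan relies on (backends named in the docs versus credentials the manifest declares, commands the docs invoke versus binaries the package ships or installs, and persistent writes versus a stated retention or consent policy) can be mechanised before a skill is ever installed. The script below is an added example written for this page, not code from ClawHub, OpenClaw or the skill itself. The manifest field names (requires.env, install, files), the expected env var names, and both sample SKILL.md texts are assumptions constructed to mirror the findings above; they are not the real skill package.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # "credentials", "install" or "persistence"
    detail: str


# Backends a SKILL.md may name: a regex that detects the reference and a
# hypothetical env var a coherent manifest would declare for it. Any declared
# env var containing the backend's name is accepted as covering it.
EXPECTED_CREDENTIALS = {
    "ClickUp": (re.compile(r"clickup", re.I), "CLICKUP_API_TOKEN"),
    "Neo4j": (re.compile(r"neo4j|bolt://", re.I), "NEO4J_URI"),
    "Mem0": (re.compile(r"\bmem0\b", re.I), "MEM0_API_KEY"),
    "SQLite": (re.compile(r"sqlite", re.I), "SQLITE_PATH"),
}

# A documented shell invocation such as "$ clickup-op scan ...".
CLI_LINE = re.compile(r"(?m)^\s*\$\s*([A-Za-z0-9_.-]+)")
# Wording that implies writes to a persistent store, and wording that shows
# the author has at least addressed retention or consent.
PERSIST = re.compile(r"auto-?stor|persist", re.I)
RETENTION = re.compile(r"retention|consent|purge|delete", re.I)


def audit_skill(manifest: dict, skill_md: str) -> list[Finding]:
    """Compare what the docs ask the agent to do with what the manifest declares."""
    findings: list[Finding] = []
    declared_env = {e.upper() for e in manifest.get("requires", {}).get("env", [])}

    # 1. Every backend named in the docs should have a declared credential.
    for system, (pattern, env_var) in EXPECTED_CREDENTIALS.items():
        if pattern.search(skill_md) and not any(system.upper() in e for e in declared_env):
            findings.append(Finding(
                "credentials", f"{system} is referenced but nothing like {env_var} is declared"))

    # 2. Every command the docs show should be shipped or installed by the package.
    shipped = {path.rsplit("/", 1)[-1] for path in manifest.get("files", [])}
    has_install = bool(manifest.get("install"))
    for cmd in sorted(set(CLI_LINE.findall(skill_md))):
        if cmd not in shipped and not has_install:
            findings.append(Finding(
                "install", f"docs invoke '{cmd}' but it is neither shipped nor installed"))

    # 3. Persistent writes need a stated retention or consent model.
    if PERSIST.search(skill_md) and not RETENTION.search(skill_md):
        findings.append(Finding(
            "persistence", "docs describe persistent writes but state no retention or consent policy"))
    return findings


# Constructed sample mirroring the scan findings above: docs that reference
# four backends and a CLI, and a manifest that declares nothing.
SAMPLE_SKILL_MD = """\
# Clickup Operational

Scan tasks, find and invite users, post comments with @mentions and attach Loom links.
Every successful operation is auto-stored into Mem0, Neo4j and SQLite.

    $ clickup-op scan --list "Sprint 12"
    $ clickup-op invite someone@example.com
"""
SAMPLE_MANIFEST = {
    "name": "clickup-operational",
    "version": "1.0.0",
    "requires": {"env": [], "config": [], "primary_credential": None},
    "install": None,
    "files": ["SKILL.md", "README.md"],
}

# What a coherent package for the same skill would look like (still constructed):
# credentials declared, the CLI shipped with an install step, retention stated.
HARDENED_SKILL_MD = SAMPLE_SKILL_MD + """
Stored records can be purged with `clickup-op purge`; retention defaults to 30 days.
"""
HARDENED_MANIFEST = {
    **SAMPLE_MANIFEST,
    "requires": {"env": ["CLICKUP_API_TOKEN", "NEO4J_URI", "MEM0_API_KEY", "SQLITE_PATH"],
                 "config": [], "primary_credential": "CLICKUP_API_TOKEN"},
    "install": "pip install .",
    "files": ["SKILL.md", "README.md", "scripts/clickup-op", "tests/test_ops.py"],
}

if __name__ == "__main__":
    for f in audit_skill(SAMPLE_MANIFEST, SAMPLE_SKILL_MD):
        print(f"[{f.category}] {f.detail}")
```

Run against the constructed sample this reports four undeclared credentials, one unshipped command and one persistence finding, which is the same shape as the scan above; against the hardened pair it reports nothing. A heuristic like this is a pre-install gate, not a substitute for reading the code, but it catches the "docs promise more than the manifest declares" pattern mechanically.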


latest: vk974d81rbg6fcn3gah6n05yde181xps8

