Security audit

ClickUp

Security checks across malware telemetry and agentic risk

Overview

This is a transparent ClickUp integration with expected credential, write-access, and webhook risks that are disclosed and tied to its purpose.

Install only if you trust Maton to broker ClickUp OAuth/API traffic. Keep MATON_API_KEY private, specify the intended connection when multiple ClickUp accounts are linked, and review all write, delete, connection, and webhook actions before approving them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

Finding
The manifest claims access is limited to tasks, lists, folders, spaces, workspaces, users, and webhooks, but the documented webhook event surface also includes goals and key results. This creates a scope/permission mismatch that can mislead users and reviewers about what data and actions the skill can observe or trigger, undermining informed consent and security review.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.