ClickUp Skill

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate ClickUp integration, but it can change live ClickUp workspace data when used with an API token.

Install only if you are comfortable giving the skill a ClickUp API token with access to your workspaces. Use the least-privileged token available, keep it out of logs and shared shells, verify workspace/list/task IDs before writes, and require manual review for deletes, relationship changes, and bulk edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium (87% confidence)
Finding
The document API guidance is internally contradictory, referring to both workspace_id and team_id for document operations. In a multi-workspace, state-changing integration, ambiguous identifiers can cause writes to the wrong workspace or failed operations that users retry incorrectly, increasing the chance of accidental data modification.

Missing User Warnings

Medium (90% confidence)
Finding
The quick-start section presents create and update commands that immediately modify remote ClickUp data without any warning that these actions are state-changing. Users may treat examples as safe to run during exploration, causing unintended task creation or mutation in production workspaces tied to real clients and projects.

Missing User Warnings

Medium (91% confidence)
Finding
Dependency and link management commands alter task relationships that can affect project execution, sequencing, and team workflows, yet the documentation provides no warning about those side effects. In an agency multi-workspace context, accidental relationship changes can misrepresent blocking states and disrupt client deliverables across active projects.

Missing User Warnings

Medium (89% confidence)
Finding
The bulk-operations guidance encourages looping over many tasks but omits safeguards such as dry-run, scoping, confirmation, and rollback planning. In a tool with broad CRUD access to ClickUp, this can magnify a simple scripting mistake into widespread unintended modifications across lists, spaces, or workspaces.

Missing User Warnings

Medium (83% confidence)
Finding
The skill prominently documents create and update operations without any warning, confirmation guidance, or safe-operating notes, which increases the chance an agent or user will perform unintended state-changing actions in a production ClickUp workspace. In a project-management integration with broad CRUD support across multiple workspaces, accidental modification can affect tasks, spaces, folders, time entries, and reporting data at organizational scale.

Missing User Warnings

Medium (90% confidence)
Finding
The skill instructs users to export a personal API token into the shell environment without any credential-handling warning, which can lead to accidental exposure through shell history, process inspection in some environments, logging, screenshots, or reuse in insecure contexts. Because the token grants access to ClickUp workspace data and modification capabilities, compromise of the token can lead to unauthorized reading and alteration of project information.

VirusTotal

65/65 vendors flagged this skill as clean.
