ClickUp Skill
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate ClickUp integration, but it can use your ClickUp API token to read, create, update, and delete project data in workspaces your token can access.
This skill is suitable for a ClickUp integration if you are comfortable giving it a ClickUp API token. Before installing, be aware that it can perform full CRUD actions, including deletes, so use a limited token where possible and require manual review for destructive or bulk operations.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent may access and change ClickUp data in any workspace the token can access.
The skill requires a personal ClickUp API token, which lets the client act with the permissions of that token.
env:\n - name: CLICKUP_API_TOKEN\n description: "ClickUp personal API token..."\n required: true
Use the least-privileged ClickUp token available, keep it out of logs and chats, and revoke or rotate it when no longer needed.
A mistaken command or misunderstood agent action could delete or alter project-management data.
The client exposes destructive ClickUp operations such as deleting spaces, folders, lists, tasks, and time entries. This matches the advertised full CRUD purpose, but it is high-impact.
def delete_space(self, space_id: str) -> Dict:\n return self._request("DELETE", f"/space/{space_id}")Require explicit user confirmation for deletes and bulk changes, and double-check workspace/list/task IDs before running mutation commands.
Future installs may resolve a different requests package version than the author tested.
The skill depends on a Python package without a pinned version. This is common for an API client, but it provides less reproducibility than a locked dependency.
dependencies:\n - python3\n - pip:requests
Install in a controlled environment and prefer pinned dependency versions or a reviewed package lockfile where possible.