ClickUp Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: clickup-skill
Version: 1.1.2
The OpenClaw ClickUp skill is a comprehensive integration designed for managing ClickUp workspaces, tasks, documents, and time tracking. The Python client (`scripts/clickup_client.py`) interacts exclusively with the official ClickUp API endpoints (api.clickup.com) and handles the API token securely via environment variables. Argument parsing in the Python script is designed to interpret command-line inputs as API parameters (including JSON objects), preventing direct shell injection. The `SKILL.md` documentation clearly outlines the skill's extensive capabilities, which are all aligned with legitimate ClickUp management, and does not contain any instructions or patterns indicative of prompt injection attempts against the AI agent or other malicious intent. All observed behaviors, including network access and API key usage, are necessary for its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent may access and change ClickUp data in any workspace the token can access.
The skill requires a personal ClickUp API token, which lets the client act with the permissions of that token.
    env:
      - name: CLICKUP_API_TOKEN
        description: "ClickUp personal API token..."
        required: true
Use the least-privileged ClickUp token available, keep it out of logs and chats, and revoke or rotate it when no longer needed.
A mistaken command or misunderstood agent action could delete or alter project-management data.
The client exposes destructive ClickUp operations such as deleting spaces, folders, lists, tasks, and time entries. This matches the advertised full CRUD purpose, but it is high-impact.
    def delete_space(self, space_id: str) -> Dict:
        return self._request("DELETE", f"/space/{space_id}")
Require explicit user confirmation for deletes and bulk changes, and double-check workspace/list/task IDs before running mutation commands.
Future installs may resolve a different requests package version than the author tested.
The skill depends on a Python package without a pinned version. This is common for an API client, but it provides less reproducibility than a locked dependency.
    dependencies:
      - python3
      - pip:requests
Install in a controlled environment and prefer pinned dependency versions or a reviewed package lockfile where possible.
