Basecamp CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is purpose-built for Basecamp, but it gives an AI broad power to create, update, delete, archive, message, and configure webhooks in a Basecamp account, so it deserves review before installation.
Install only if you want your AI assistant to manage Basecamp on your behalf. Keep tool-call approval on, require explicit confirmation for destructive or posting actions, restrict webhook creation to trusted destinations, and protect the Basecamp client secret and stored OAuth tokens.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An AI agent using this skill could change, delete, archive, or post content in Basecamp projects if it is misprompted or acts without careful confirmation.
The skill exposes many mutating and destructive Basecamp actions as MCP tools for AI-assistant use, but the artifacts do not describe required user confirmation or scoped approvals before high-impact changes.
`basecamp_create_project`, `basecamp_archive_project` ... `basecamp_delete_todo` ... `basecamp_delete_card` ... `basecamp_send_campfire_line`
Use this skill only with tool-call approval enabled, and require explicit user confirmation for create, update, delete, archive, trash, move, send, subscribe, and webhook operations.
A created webhook could continue sending Basecamp project activity to a third-party URL after the initial tool call.
Webhook creation is documented with an arbitrary payload URL. In an agentic workflow, creating or updating webhooks can establish ongoing delivery of Basecamp events to an external endpoint without an artifact-described allowlist or approval rule.
basecamp webhooks create --project <id> --payload-url "https://..."
Only allow webhook creation or updates to trusted URLs after explicit user approval, and periodically audit and delete unneeded Basecamp webhooks.
Anyone or any agent process with access to these credentials or stored tokens may be able to act through the configured Basecamp integration.
The MCP server receives Basecamp OAuth client credentials through environment variables, which is expected for this integration but grants delegated access to the connected Basecamp account.
"env": { "BASECAMP_CLIENT_ID": "<your-client-id>", "BASECAMP_CLIENT_SECRET": "<your-client-secret>" }
Protect the client secret, use the least-privileged Basecamp account practical, revoke tokens if compromised, and avoid sharing MCP configuration files containing secrets.
Installing the package runs code from the npm ecosystem on the user’s machine.
The skill is installed as a global npm package, which is normal for this CLI/MCP purpose but depends on npm package provenance and dependency integrity.
npm install -g @drkraft/basecamp-cli
Install a specific trusted version, verify the package publisher and repository, and keep the package updated from the expected source.
