Clickup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent ClickUp task-tracking skill, but it relies on a local CLI and ClickUp API token to persistently add, search, and close tasks.
This skill appears benign for users who want an agent to manage ClickUp tasks. Before installing, make sure you trust and have reviewed the local `cu`/`cu.cjs` CLI, configure it only for your intended ClickUp workspace and lists, protect the API token, and understand that the agent may create or close tasks as part of normal non-trivial work.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may add or close ClickUp tasks during normal use.
The skill instructs the agent to use a CLI to create and close ClickUp tasks. That is purpose-aligned for task tracking, but it can change a user's ClickUp workspace.
When done, **log the result**:

```bash
# Add a new task
cu add "task description" --desc "full details" --priority 2
# Close one
cu done <task_id>
```
Install only if you want this behavior, configure the intended lists carefully, and review important task changes if your ClickUp workspace is shared or business-critical.
Anyone or anything that can read the token may be able to access or modify ClickUp data permitted by that token.
The skill requires a ClickUp API token. This is expected for the integration, but it grants account/workspace authority and is not declared in the registry metadata.
- **Token:** store at `~/.openclaw/credentials/clickup/api_token` (`chmod 600`).
Use the least-privileged ClickUp token available, protect the token file permissions, and revoke the token if you stop using the skill.
The safety of the actual ClickUp operations depends on the local `cu.cjs`/`cu` script the user installs.
The skill depends on a local helper script/CLI that is not included in the reviewed package. The artifact set only contains SKILL.md, so the helper's behavior was not reviewed.
- **CLI:** `~/bin/cu` symlinked to your local `cu.cjs` (Node.js, plain `https`, no dependencies).
Inspect or obtain the `cu.cjs` helper from a trusted source before use, and ensure it only talks to the intended ClickUp API endpoints.
Task names, descriptions, and ideas may persist in ClickUp and be used in later work sessions.
The skill intentionally stores and later retrieves task context from ClickUp. This is disclosed and purpose-aligned, but persistent task text can influence future agent behavior.
ClickUp is the **persistent task store** that lives next to your agent's daily memory files.
Avoid storing secrets in task descriptions, periodically review persistent tasks, and treat task text as user data rather than authoritative instructions.
