Clickup

Security checks across malware telemetry and agentic risk

Overview

This ClickUp integration is openly described, but it gives an agent broad authority to change or delete project data without clear confirmation guardrails.

Install only if you are comfortable granting Membrane-mediated access to the relevant ClickUp workspace. Use a least-privileged ClickUp account where possible, confirm exact task/list IDs before create/update/delete actions, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly documents destructive operations such as deleting tasks and lists, but provides no guardrails requiring user confirmation, scoping checks, or warnings before mutation. In an agent setting, this increases the chance of accidental or over-broad destructive actions because the documented workflow normalizes direct execution of state-changing commands.

VirusTotal

64/64 vendors flagged this skill as clean.
