ClickUp
Security checks across malware telemetry and agentic risk
Overview
This ClickUp skill is a disclosed ClawLink integration that asks for user confirmation before writes and shows no concrete malicious behavior.
Before installing, be aware that this skill depends on the ClawLink plugin and service and can affect ClickUp data once connected. Review the ClickUp permissions requested during the hosted connection flow, and only approve write actions after checking the ClawLink preview.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.