Back to skill

Security audit

ClickUp

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ClickUp integration skill that discloses credentialed workspace access and requires confirmation before writes, though users should notice it also includes ClickUp chat messaging tools.

Install only if you are comfortable connecting ClawLink to your ClickUp account and granting it access according to that account's workspace permissions. Review previews carefully before approving writes or deletes, and be aware that the integration can also read/send ClickUp chat messages and create DM channels when those tools are used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest and top-level description scope the skill to task, list, space, folder, comment, goal, and workspace management, but the documented toolset also exposes chat messaging and direct-message channel creation. This capability mismatch can mislead users and downstream policy systems, causing them to approve or enable a skill with broader communication powers than advertised, which increases the risk of unauthorized message sending, social engineering, or data leakage through ClickUp chat.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.