Security audit

Personal Task Tracking

Security checks across malware telemetry and agentic risk

Overview

This ClickUp task skill is purpose-aligned, but it can change live workspace tasks and exposes credential-handling risk without enough guardrails.

Review before installing. Use the least-privileged ClickUp token available, do not print the API key with echo, and require the agent to show the exact list ID, task ID, title, and due date before creating or closing any ClickUp task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to close tasks but provides no warning that this changes remote state and no confirmation step before performing the action. In an agent context, that can lead to unintended task closure, workflow disruption, or loss of visibility if the action is triggered from ambiguous user intent.

Missing User Warnings

Low
Confidence: 90%
Finding
The skill describes creating ClickUp tasks without clearly warning that it writes persistent data to an external service. In an agent workflow, missing write-operation disclosure increases the chance of accidental task creation from exploratory or loosely phrased requests.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.