Clup

Review

Audited by ClawScan on May 10, 2026.

Overview

Clup mostly does what it claims, but it needs review because it uses a ClickUp API token and builds ClickUp API JSON unsafely from user-provided ticket text.

Install only if you are comfortable giving this script a ClickUp API token that can create tasks. Prefer a dedicated token and list, protect the token outside shared shell files, and ensure ticket text is JSON-escaped or reviewed before the agent runs the command.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted ticket title, description, status, or tag could create a malformed request or unexpectedly change fields on the ClickUp task being created.

Why it was flagged

Title, description, status, and tags come from command-line arguments/environment and are placed directly into JSON without escaping via a JSON encoder. Quotes, backslashes, or crafted text could break the request or alter the ClickUp payload.

Skill content
JSON_PAYLOAD=$(cat <<EOF
{
  "name": "$TITLE",
  "description": "$DESCRIPTION",
  "status": "$STATUS",
  "tags": $TAGS_JSON
}
EOF
)

Recommendation

Build the request body with a JSON-safe encoder such as jq --arg or Python's json module, and have the agent show or confirm the final task content before creating it.

What this means

The skill can create tasks in the configured ClickUp list using your API token, and that token may carry broader ClickUp account permissions.

Why it was flagged

The skill requires a ClickUp API token and target list ID to create tasks. This is purpose-aligned, but the supplied registry metadata says no required env vars and no primary credential, so the credential requirement may not be surfaced by metadata.

Skill content
Required ENV variables: `CLICKUP_API_KEY`, `CLICKUP_DEFAULT_LIST_ID`

Recommendation

Use a dedicated or least-privilege ClickUp token if available, restrict the target list, protect the environment variable, and rotate the token if it is exposed.

What this means

Users have less provenance information for deciding whether the local shell script is the intended and maintained version.

Why it was flagged

The executable shell script is included for review, but the skill has no known upstream source, homepage, or install specification.

Skill content
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Code file presence: 1 code file(s): clup.sh

Recommendation

Review the included script before use, install from a trusted source when possible, and avoid granting broader system access than needed.