ClickUp MCP
v1.0.0
Manage ClickUp tasks, docs, time tracking, comments, chat, and search via official MCP. OAuth authentication required.
⭐ 4· 3.6k·21 current·22 all-time
by @pvoo
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's capabilities (search, tasks, comments, time tracking, docs) align with what a ClickUp MCP integration would need. However, the SKILL.md metadata declares a required binary (mcporter) and env var (CLICKUP_TOKEN) while the registry fields show no required bins or env — this metadata mismatch is an incoherence that should be clarified.
Instruction Scope
The instructions explicitly tell the operator to read ~/.claude/.credentials.json and extract a ClickUp access token using jq, then place that token into ~/.clawdbot/.env and into a local config (config/mcporter.json). Asking the agent (or user) to read another client's credential file and extract tokens is scope creep and a privacy/credential exposure risk; it goes beyond simply telling you how to call the ClickUp MCP API.
Install Mechanism
This is instruction-only (no install spec), which is lower risk than arbitrary downloads. That said, the skill depends on an external tool (mcporter) but provides no install guidance or provenance for that tool — the lack of an install spec plus reliance on mcporter is an operational gap the registry should document.
Credentials
Functionally it makes sense that a ClickUp integration needs a ClickUp token, but the SKILL.md requests a long‑lived token (stated ~10 years) and instructs extracting it from another application's credentials file. The registry does not declare CLICKUP_TOKEN as a required credential, increasing the inconsistency. Asking for tokens with such longevity and telling users to harvest them from other clients is disproportionate and risky.
Persistence & Privilege
The skill does not force permanent inclusion (always: false) and does not request elevated platform privileges. However, it instructs writing the token into ~/.clawdbot/.env and editing config/mcporter.json — modifying local config is expected for a connector, but combined with the token-extraction workflow it increases persistence of a sensitive credential and expands blast radius if the token is compromised.
What to consider before installing
Before installing or using this skill:
(1) Verify the skill's source and trustworthiness — the registry metadata mismatches the SKILL.md.
(2) Do NOT extract tokens from other applications' credential stores unless you fully control and trust that environment; extracting from ~/.claude/.credentials.json exposes another client's secrets and is a red flag.
(3) If you must use this connector, create a ClickUp OAuth token specifically for this integration (with the minimal scopes needed), store it securely (use a secrets manager rather than a long-lived plain-text ~/.env file), and rotate it after testing.
(4) Confirm how mcporter is obtained and verify its integrity before installation.
(5) Ask the publisher to correct the registry metadata to list required binaries and env vars explicitly, provide provenance for mcporter, and remove any directions that instruct harvesting credentials from other apps.
If you cannot verify provenance or are uncomfortable with token extraction instructions, do not install or run this skill.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
✅ Clawdis
Bins: mcporter
Env: CLICKUP_TOKEN
