Back to skill

Security audit

ClickUp MCP

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ClickUp integration, but it should be reviewed because it asks users to copy a long-lived ClickUp token and enables broad workspace changes.

Install only if you are comfortable giving the agent broad access to your ClickUp workspace. Treat CLICKUP_TOKEN like a password, keep the env file private and out of source control, prefer a least-privileged ClickUp account or workspace where possible, and require explicit confirmation before the agent updates tasks, edits docs, logs time, uploads files, posts comments, or sends chat messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to extract an OAuth access token from ~/.claude/.credentials.json and place it into a plain environment file, while also stating the token is long-lived (~10 years). This materially increases credential exposure risk because users are encouraged to manually handle a durable bearer token without any explicit warning about secure storage, least privilege, or avoiding accidental disclosure in logs, shell history, backups, or repos.

Credential Access

High
Category
Privilege Escalation
Content
Tokens are long-lived (~10 years). If expired:
1. Re-run `/mcp` in Claude Code
2. Re-extract token from `~/.claude/.credentials.json`
3. Update `CLICKUP_TOKEN` in `.env`

## Available Tools (32)
Confidence
91% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.