ClickUp

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The ClickUp skill is coherent and not malicious, but it requires a ClickUp API token and includes documented task-changing API operations that users should intentionally control.

Install this only if you want the agent to access your ClickUp workspace. Provide a scoped token if possible, verify the intended team/list IDs, install curl and jq if using the helper script, and ask for confirmation before any create, update, or delete task action.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

49/49 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

A configured ClickUp token lets the skill access the associated ClickUp workspace according to that token's permissions.

Why it was flagged

The script sends a ClickUp API token as an Authorization header. This is expected for the integration, but the registry metadata lists no primary credential or required env vars, so users should be aware of the account-access requirement before installing.

Skill content
curl -s "https://api.clickup.com/api/v2${endpoint}" \
        -H "Authorization: ${CLICKUP_API_KEY}"
Recommendation

Use the least-privileged ClickUp token available, limit workspace/list IDs where possible, and avoid placing secrets in shared or logged files.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the agent is given a token with write permissions, it could modify or delete ClickUp tasks when following user requests or automation instructions.

Why it was flagged

The documentation includes ClickUp operations that can create, update, or delete tasks. This fits the stated task-management purpose, but it can change business workflow data if used without care.

Skill content
| `/task/{task_id}` | PUT | Update task |
| `/task/{task_id}` | DELETE | Delete task |
| `/list/{list_id}/task` | POST | Create task |
Recommendation

Require explicit confirmation before create, update, or delete actions, and prefer read-only/reporting use unless task changes are intended.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may be surprised at setup time because the registry says no credentials or binaries are required, but the helper script will not work without configuration and local tooling.

Why it was flagged

The script documents required environment variables, and it also uses local tools such as curl and jq, while the registry requirements declare no env vars or binaries. This is an incomplete metadata/setup declaration rather than hidden behavior.

Skill content
Environment variables required:
  CLICKUP_API_KEY    Your ClickUp API token
  CLICKUP_TEAM_ID    Your team/workspace ID
Recommendation

Declare CLICKUP_API_KEY, CLICKUP_TEAM_ID, curl, and jq in the skill metadata or document the setup requirements prominently before use.