Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clickup Project Management

v1.0.10

Manage ClickUp via natural language. Uses the taazkareem.com remote MCP server. A license key is required for full tool access (unlicensed calls return check...

0· 489·2 current·2 all-time
by Talib Kareem (@taazkareem)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the behavior: the skill proxies ClickUp operations through the taazkareem.com MCP server and declares CLICKUP_MCP_LICENSE_KEY as the required credential.
Instruction Scope
SKILL.md explicitly instructs enabling the bundled mcporter client and configuring it to send the license key and any ClickUp OAuth tokens to the remote MCP server. This behavior is necessary for the described proxying function but does involve transmitting sensitive workspace data and tokens to a third party.
Install Mechanism
Instruction-only skill with no install spec or downloaded code; nothing is written or executed by the skill itself beyond instructing use of an existing mcporter client.
Credentials
The only declared required environment variable is CLICKUP_MCP_LICENSE_KEY, which is reasonable. However, the runtime flow creates and transmits a ClickUp OAuth access token (via mcporter auth) to the remote server; while functionally necessary, that sensitive token is not declared as a required env var and will be exfiltrated to the third party.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable only. It stores a license key in typical OpenClaw config paths and mcporter caches tokens locally as documented.
Assessment
This skill works by sending your ClickUp OAuth token, license key, and task payloads to a third-party server (clickup-mcp.taazkareem.com). That behavior is documented in SKILL.md, so the risk is transparency rather than deception. Before installing:

1. Only proceed if you trust the operator and have reviewed the referenced GitHub repo.
2. Consider using read-only or limited 'persona' headers to restrict what the server can do.
3. Be aware your ClickUp OAuth token will be cached locally (~/.mcporter) and transmitted; revoke the token if you later stop trusting the service.
4. If you need stronger guarantees, host your own MCP proxy or use ClickUp's official API integrations instead.

If you want a stricter assessment, provide the mcporter client code and the MCP server source (or confirmation of a trusted release) so we can verify there is no hidden exfiltration or unexpected behavior.


Runtime requirements

Platform: Clawdis
Env: CLICKUP_MCP_LICENSE_KEY (primary)