Security audit

Super Clickup Mcp 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This ClickUp integration is mostly coherent, but it asks users to manually extract and reuse a long-lived OAuth bearer token from Claude Code credentials without enough security warning or containment.

Install only if you are comfortable giving this skill broad ClickUp workspace access. Treat CLICKUP_TOKEN as a password: do not paste it into chats, commit it, include it in screenshots, or sync it through dotfiles. Prefer direct OAuth in a supported client when possible, and revoke or rotate the ClickUp authorization if the token may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill explicitly instructs users to extract an OAuth access token from a local credentials store and copy it into another environment file, but it does not warn that this token is sensitive bearer credential material. Because the token is described as long-lived and is moved into a reusable config path, accidental disclosure through shell history, logs, dotfile sync, screenshots, or source control becomes much more likely.

Credential Access

High
Category: Privilege Escalation
Content:
Tokens are long-lived (~10 years). If expired:
1. Re-run `/mcp` in Claude Code
2. Re-extract token from `~/.claude/.credentials.json`
3. Update `CLICKUP_TOKEN` in `.env`

## Available Tools (32)
Confidence: 97%
Finding:
credentials.json

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.