Security audit
Clickup Project Management
Security checks across malware telemetry and agentic risk
Overview
This ClickUp integration is disclosed and purpose-aligned, but it sends ClickUp OAuth credentials and workspace data to a third-party server with broad project-management authority.
Install only if you trust the taazkareem.com MCP operator with your ClickUp OAuth access and workspace contents. Prefer the read-only or no-delete tool filters, require explicit approval for destructive ClickUp actions, avoid sensitive workspaces, and revoke the ClickUp OAuth authorization when you stop using the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
