clickup
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official ClickUp API domain (api.clickup.com) to manage tasks, workspaces, and time tracking. These are expected operations for the skill's stated purpose.- [COMMAND_EXECUTION]: The skill uses standard shell commands (curl, python3) to interact with the ClickUp API. These commands are used to fetch, process, and display task data as described in the documentation.- [CREDENTIALS_UNSAFE]: The documentation provides clear instructions for users to provide their own ClickUp API token via the
CLICKUP_TOKENenvironment variable. It uses a placeholder 'pk_YOUR_TOKEN_HERE' in examples, which is a safe practice. It also correctly advises users on how to persist this token in their local shell environment.- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network activity is confined to the official ClickUp API endpoints required for the skill's functionality.
Audit Metadata