clickup

Fail

Audited by Socket on Mar 9, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

Overall, the skill is coherent with its stated purpose of interfacing with ClickUp via REST API using a personal API token. The footprint is benign: it relies on official API endpoints, uses standard token-based authentication, and does not demonstrate suspicious data exfiltration, third-party binary installs, or automatic privileged actions without user consent. Recommend minimal risk rating (securityRisk around 0.15) with emphasis on secure token handling (avoid logging, use least-privilege token, and consider scope restrictions).

Confidence: 98%

Audit Metadata

Analyzed At: Mar 9, 2026, 04:36 PM
Package URL: pkg:socket/skills-sh/brightprogrammer7%2Fclickup-skills%2Fclickup%2F@c2e741259230a886013495e19bce5a35b9c2d254