clickup-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions, role-play attempts, or system prompt extraction patterns were detected.
- [DATA_EXFILTRATION]: The skill uses placeholders like
$CLICKUP_API_TOKENfor authentication, following best practices for secret management. Network operations are directed to the official ClickUp API domain (api.clickup.com), which is a well-known and legitimate service. - [COMMAND_EXECUTION]: Bash commands using
curlare provided as examples for workspace management, which is consistent with the skill's stated purpose of managing webhooks. - [EXTERNAL_DOWNLOADS]: No remote scripts or unverified package installations were found. The code examples use standard libraries like
expressfor legitimate server-side implementation logic.
Audit Metadata