skills/krodak/clickup-cli/clickup/Snyk

clickup

Fail

Audited by Snyk on Apr 28, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs non-interactive agent use to run commands like cup init --token pk_USER_TOKEN (and shows token prefixes), which requires embedding the API token verbatim in generated commands/outputs, creating an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 28, 2026, 05:03 AM

Issues

1