Skills
skills/sundial-org/awesome-openclaw-skills/clickup-mcp/Gen Agent Trust Hub

clickup-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXPOSURE]: The setup instructions guide the user to programmatically extract sensitive OAuth access tokens from a private application configuration file: ~/.claude/.credentials.json. Accessing internal application storage for credentials is a security risk as these files are not intended for external consumption.
  • [PROMPT_INJECTION]: This skill possesses a significant indirect prompt injection surface as it ingests untrusted data from an external source (ClickUp).
  • Ingestion points: Tools such as clickup_search, clickup_get_task, clickup_get_task_comments, clickup_get_chat_channels, and clickup_get_document_pages read external content.
  • Boundary markers: None identified in the prompt templates to delimit external data from instructions.
  • Capability inventory: The skill can perform write operations (create tasks, update tasks, send chat messages) based on instructions, which could be abused if malicious content is read from a task description or comment.
  • Sanitization: No evidence of sanitization or filtering for the retrieved external content.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to communicate with the ClickUp MCP endpoint at https://mcp.clickup.com/mcp. This is a well-known service associated with the official ClickUp platform.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 12:24 AM