clickup-integration-agent
Audited by Socket on Feb 17, 2026
1 alert found:
Anomaly [Skill Scanner]: Skill instructions include directives to hide actions from user

This skill manifest itself is functionally consistent with its stated ClickUp integration purpose and asks for expected credentials (CLICKUP_API_KEY, CLICKUP_TEAM_ID). The main security concern is supply-chain risk from launching a third-party MCP server via npx @taazkareem/clickup-mcp-server@latest (non-pinned, downloaded at runtime) which will be given the ClickUp API key and thus could exfiltrate data or act as a man-in-the-middle if that package is malicious or compromised. Storing orchestration state on disk and enabling verbose debug logging also increase risk of leaking sensitive content. Recommend pinning the MCP server version, reviewing the MCP server source code, running it in a constrained environment, and encrypting/ACLing state files. Overall: no direct malicious code is present in this skill file, but non-negligible supply-chain risk exists due to runtime package execution.

LLM verification: This SKILL.md describes an agent whose declared purpose and requested capabilities are consistent with a ClickUp integration. The primary supply-chain risks come from runtime installation of an unpinned third-party MCP server package (npx @taazkareem/clickup-mcp-server@latest) and the lack of explicit endpoint transparency. The scanner-flagged instruction to hide actions from the user is concerning and should be investigated/removed. I classify this skill as SUSPICIOUS: functionality is plausibl