Audit-Verlauf
clickup-integration-expert - 6 Audits
Audit-Version 6
Neueste Niedriges RisikoJun 28, 2026, 08:54 AM
The static external-command and weak-cryptography findings are false positives caused by Markdown code fences, inline command names, and table text. The only confirmed concern is a documented setup command that adds the official ClickUp MCP endpoint and requires OAuth, which is expected for this integration.
Confirmed security concerns (1)
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Risikofaktoren
🌐 Netzwerkzugriff (1)
Audit-Version 5
SicherJan 16, 2026, 04:46 PM
Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities. Static findings are false positives caused by the scanner misidentifying documentation formatting and JSON examples as security patterns.
Risikofaktoren
🌐 Netzwerkzugriff (1)
Audit-Version 4
SicherJan 16, 2026, 04:46 PM
Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities. Static findings are false positives caused by the scanner misidentifying documentation formatting and JSON examples as security patterns.
Risikofaktoren
🌐 Netzwerkzugriff (1)
Audit-Version 3
SicherJan 10, 2026, 10:17 AM
Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.
Audit-Version 2
SicherJan 10, 2026, 10:17 AM
Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.
Audit-Version 1
SicherJan 10, 2026, 10:17 AM
Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.