Historial de auditorías - clickup-integration-expert

Versión de auditoría 6

Más reciente Riesgo bajo

Jun 28, 2026, 08:54 AM

The static external-command and weak-cryptography findings are false positives caused by Markdown code fences, inline command names, and table text. The only confirmed concern is a documented setup command that adds the official ClickUp MCP endpoint and requires OAuth, which is expected for this integration.

1

Archivos escaneados

69

Líneas analizadas

4

hallazgos

codex

Auditado por

Problemas de riesgo bajo (3)

SKILL.md:53-56

Documented ClickUp MCP Network Endpoint

The skill instructs users to add the official ClickUp MCP endpoint and authenticate with OAuth. This is expected functionality, but users should understand that roadmap data may be sent to ClickUp during sync operations.

SKILL.md:22-56

False Positive: Markdown Backtick Execution

The reported Ruby or shell backtick execution findings point to Markdown code fences, inline command names, and documentation tables. No executable Ruby code or shell backtick substitution is present.

SKILL.md:3 SKILL.md:39

False Positive: Weak Cryptography Detection

The reported weak cryptographic algorithm findings occur on the frontmatter description and a Markdown table header. No hashing, encryption, or cryptographic API usage is present.

Factores de riesgo

🌐 Acceso a red (1)

SKILL.md:53

Versión de auditoría 5

Seguro

Jan 16, 2026, 04:46 PM

Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities. Static findings are false positives caused by the scanner misidentifying documentation formatting and JSON examples as security patterns.

2

Archivos escaneados

113

Líneas analizadas

2

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (1)

SKILL.md:53

⚙️ Comandos externos (13)

SKILL.md:22 SKILL.md:24-35 SKILL.md:35-41 SKILL.md:41-42 SKILL.md:42-43 SKILL.md:43-44 SKILL.md:44-45 SKILL.md:45-46 SKILL.md:46-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-61

Versión de auditoría 4

Seguro

Jan 16, 2026, 04:46 PM

Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities. Static findings are false positives caused by the scanner misidentifying documentation formatting and JSON examples as security patterns.

2

Archivos escaneados

113

Líneas analizadas

2

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Factores de riesgo

🌐 Acceso a red (1)

SKILL.md:53

⚙️ Comandos externos (13)

SKILL.md:22 SKILL.md:24-35 SKILL.md:35-41 SKILL.md:41-42 SKILL.md:42-43 SKILL.md:43-44 SKILL.md:44-45 SKILL.md:45-46 SKILL.md:46-47 SKILL.md:47-52 SKILL.md:52-54 SKILL.md:54-56 SKILL.md:56-61

Versión de auditoría 3

Seguro

Jan 10, 2026, 10:17 AM

Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.

1

Archivos escaneados

69

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 2

Seguro

Jan 10, 2026, 10:17 AM

Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.

1

Archivos escaneados

69

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad

Versión de auditoría 1

Seguro

Jan 10, 2026, 10:17 AM

Pure prompt-based skill with no executable code. Only contains documentation about ClickUp integration patterns and MCP usage. No file access, network calls, or command execution capabilities.

1

Archivos escaneados

69

Líneas analizadas

0

hallazgos

claude

Auditado por

No se encontraron problemas de seguridad