Trust Assessment
clickup received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Both findings concern Shell Command Injection via User-Controlled IDs in `scripts/clickup-query.sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Shell Command Injection via User-Controlled IDs.** `scripts/clickup-query.sh` builds `curl` commands by interpolating the user-supplied `task_id` and `space_id` directly into the URL path with no validation. Because the IDs reach the shell unchecked, shell metacharacters in them (e.g. `;`, `$()`, `` ` ``) can execute arbitrary commands on the host running the script. Affects the `get_task` and `list_lists` functions. Remediation: allowlist each ID before it touches the command line, e.g. `if [[ ! "$task_id" =~ ^[0-9]+$ ]]; then ...` (widen the character class only if the deployment's IDs also contain letters; it must never admit metacharacters, whitespace or `/`). Pass the URL to `curl` as a single double-quoted argument rather than assembling a command string for `eval`; URL-encoding alone protects the request path, not the shell. | LLM | scripts/clickup-query.sh:109 |
| HIGH | **Shell Command Injection via User-Controlled IDs.** Second instance of the same finding: `space_id` is interpolated unvalidated into the `curl` URL, and the same metacharacters give command execution in `get_task` and `list_lists`. Remediation: `if [[ ! "$space_id" =~ ^[0-9]+$ ]]; then ...` before interpolation, plus the same quoting rule (one double-quoted argument, no `eval`). | LLM | scripts/clickup-query.sh:118 |
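The allowlist check both findings recommend, shown as an added shell example that is not code from the clickup skill or from SkillShield. The skill's own `curl` construction is not reproduced on this page, so the vulnerable form assumes the common shape that actually yields execution (command text assembled as a string and re-parsed by `eval`); the ClickUp v2 endpoints `/task/{id}` and `/space/{id}/list`, the base URL and the digits-only ID format are assumptions, and `fetch` stands in for `curl` so the script runs offline:

```shell
#!/usr/bin/env sh
# Added example (not from the clickup skill or SkillShield): allowlist
# validation of IDs before they are interpolated into a curl command.

# Stand-in for curl so the example runs offline: prints the request it would make.
fetch() { printf 'GET %s\n' "$1"; }

API_BASE="https://api.clickup.com/api/v2"   # assumed ClickUp v2 base URL

# Vulnerable shape (assumed; the skill's own construction is not shown on the
# page): the command is assembled as text and re-parsed by eval, so ';', '$()'
# or backticks inside the ID are executed as shell syntax.
vulnerable_get_task() {
    task_id=$1
    eval "fetch $API_BASE/task/$task_id"
}

# Allowlist check, the POSIX-sh equivalent of the report's
# [[ "$id" =~ ^[0-9]+$ ]]: anything other than a non-empty run of digits is
# rejected. Widen the class to [!A-Za-z0-9] if the deployment's IDs carry
# letters; either way no metacharacter, whitespace or '/' can pass.
validate_id() {
    value=$1
    name=$2
    case $value in
        ''|*[!0-9]*)
            printf 'error: %s must be numeric, got "%s"\n' "$name" "$value" >&2
            return 1 ;;
    esac
    return 0
}

# Hardened shape: validate first, then hand the URL to the command as one
# double-quoted argument. No eval, so even a metacharacter that slipped past
# validation would be data, not code.
safe_get_task() {
    validate_id "$1" task_id || return 1
    fetch "$API_BASE/task/$1"
}

safe_list_lists() {
    validate_id "$1" space_id || return 1
    fetch "$API_BASE/space/$1/list"   # assumed endpoint
}

# Shows the injection with a constructed payload: through eval it sets a
# variable in the caller's shell. Prints "yes" if the payload ran.
demo_injection() {
    INJECTED=no
    vulnerable_get_task '123; INJECTED=yes' >/dev/null
    printf '%s\n' "$INJECTED"
}

# Usage when sourced or run directly:
#   demo_injection            -> yes   (vulnerable form executed the payload)
#   safe_get_task 123         -> GET https://api.clickup.com/api/v2/task/123
#   safe_get_task '123; id'   -> error on stderr, exit status 1
```

The check deliberately rejects rather than strips: sanitising by deleting metacharacters can turn one valid ID into another, whereas rejecting an ID that fails the allowlist leaves nothing for the shell or the URL path to misinterpret.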
Full report: https://skillshield.io/report/05aa9151064fd9dc
Powered by SkillShield