clickup-install-auth

Facilitates ClickUp API v2 authentication setup using personal tokens or OAuth 2.0 for seamless integration.

Install this skill

60/100

Security score

The clickup-install-auth skill was audited on May 18, 2026 and we found 20 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 55

Template literal with variable interpolation in command context

SourceSKILL.md

55	const response = await fetch(`${CLICKUP_BASE}${path}`, {

medium line 83

Template literal with variable interpolation in command context

SourceSKILL.md

83	return `https://app.clickup.com/api?client_id=${CLIENT_ID}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}`;

medium line 141

Template literal with variable interpolation in command context

SourceSKILL.md

141	super(`ClickUp API error ${status}: ${code}`);

medium line 108

Curl to non-GitHub URL

SourceSKILL.md

108	curl -s https://api.clickup.com/api/v2/user \

medium line 112

Curl to non-GitHub URL

SourceSKILL.md

112	curl -s https://api.clickup.com/api/v2/team \

low line 88

Fetch to external URL

SourceSKILL.md

88	const response = await fetch('https://api.clickup.com/api/v2/oauth/token', {

low line 46

Access to .env file

SourceSKILL.md

46	echo 'CLICKUP_API_TOKEN=pk_12345678_ABCDEFGHIJKLMNOPQRSTUVWXYZ' >> .env

low line 47

Access to .env file

SourceSKILL.md

47	echo '.env' >> .gitignore

low line 58

Access to .env file

SourceSKILL.md

58	'Authorization': process.env.CLICKUP_API_TOKEN!,

low line 79

Access to .env file

SourceSKILL.md

79	const CLIENT_ID = process.env.CLICKUP_CLIENT_ID!;

low line 92

Access to .env file

SourceSKILL.md

92	client_id: process.env.CLICKUP_CLIENT_ID,

low line 93

Access to .env file

SourceSKILL.md

93	client_secret: process.env.CLICKUP_CLIENT_SECRET,

low line 149

Access to .env file

SourceSKILL.md

149	# .env (NEVER commit)

low line 28

External URL reference

SourceSKILL.md

28	Configure ClickUp API v2 authentication. ClickUp supports two auth methods: Personal API Tokens (for personal/server-side use) and OAuth 2.0 (for multi-user apps). There is no official SDK --

low line 52

External URL reference

SourceSKILL.md

52	const CLICKUP_BASE = 'https://api.clickup.com/api/v2';

low line 80

External URL reference

SourceSKILL.md

80	const REDIRECT_URI = 'https://yourapp.com/auth/clickup/callback';

low line 83

External URL reference

SourceSKILL.md

83	return `https://app.clickup.com/api?client_id=${CLIENT_ID}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}`;

low line 88

External URL reference

SourceSKILL.md

88	const response = await fetch('https://api.clickup.com/api/v2/oauth/token', {

low line 108

External URL reference

SourceSKILL.md

108	curl -s https://api.clickup.com/api/v2/user \

low line 112

External URL reference

SourceSKILL.md

112	curl -s https://api.clickup.com/api/v2/team \

Scanned on May 18, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedJune 10, 2026

claude-code api growth-marketer product-marketer sdr customer-success-manager business-development clickup marketing sales

jeremylongshore/claude-code-plugins-plus-skills