clickup

Integrates with ClickUp API for managing tasks, projects, and workflows using OAuth authentication.

Install this skill

or

4/100

Security score

The clickup skill was audited on Feb 11, 2026 and we found 60 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 740

Template literal with variable interpolation in command context

SourceSKILL.md

740	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 736

Fetch to external URL

SourceSKILL.md

736	const response = await fetch(

medium line 4

Webhook reference - potential data exfiltration

SourceSKILL.md

4	ClickUp API integration with managed OAuth. Access tasks, lists, folders, spaces, workspaces, users, and manage webhooks. Use this skill when users want to manage work items, track projects, or integr

medium line 18

Webhook reference - potential data exfiltration

SourceSKILL.md

18	Access the ClickUp API with managed OAuth authentication. Manage tasks, lists, folders, spaces, workspaces, users, and webhooks for work management.

medium line 626

Webhook reference - potential data exfiltration

SourceSKILL.md

626	### Webhooks

medium line 628

Webhook reference - potential data exfiltration

SourceSKILL.md

628	#### Get Webhooks

low line 631

Webhook reference - potential data exfiltration

SourceSKILL.md

631	GET /clickup/api/v2/team/{team_id}/webhook

low line 639

Webhook reference - potential data exfiltration

SourceSKILL.md

639	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/webhook')

medium line 645

Webhook reference - potential data exfiltration

SourceSKILL.md

645	#### Create Webhook

low line 648

Webhook reference - potential data exfiltration

SourceSKILL.md

648	POST /clickup/api/v2/team/{team_id}/webhook

low line 652

Webhook reference - potential data exfiltration

SourceSKILL.md

652	"endpoint": "https://example.com/webhook",

low line 679

Webhook reference - potential data exfiltration

SourceSKILL.md

679	data = json.dumps({'endpoint': 'https://example.com/webhook', 'events': ['taskCreated', 'taskUpdated']}).encode()

low line 680

Webhook reference - potential data exfiltration

SourceSKILL.md

680	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/webhook', data=data, method='POST')

low line 690

Webhook reference - potential data exfiltration

SourceSKILL.md

690	"id": "webhook123",

low line 691

Webhook reference - potential data exfiltration

SourceSKILL.md

691	"webhook": {

low line 692

Webhook reference - potential data exfiltration

SourceSKILL.md

692	"id": "webhook123",

low line 695

Webhook reference - potential data exfiltration

SourceSKILL.md

695	"endpoint": "https://example.com/webhook",

medium line 704

Webhook reference - potential data exfiltration

SourceSKILL.md

704	#### Update a Webhook

low line 707

Webhook reference - potential data exfiltration

SourceSKILL.md

707	PUT /clickup/api/v2/webhook/{webhook_id}

medium line 710

Webhook reference - potential data exfiltration

SourceSKILL.md

710	#### Delete a Webhook

low line 713

Webhook reference - potential data exfiltration

SourceSKILL.md

713	DELETE /clickup/api/v2/webhook/{webhook_id}

medium line 817

Webhook reference - potential data exfiltration

SourceSKILL.md

817	- [Create Webhook](https://developer.clickup.com/reference/createwebhook.md)

low line 740

Access to .env file

SourceSKILL.md

740	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 4

External URL reference

SourceSKILL.md

4	ClickUp API integration with managed OAuth. Access tasks, lists, folders, spaces, workspaces, users, and manage webhooks. Use this skill when users want to manage work items, track projects, or integr

low line 26

External URL reference

SourceSKILL.md

26	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team')

low line 35

External URL reference

SourceSKILL.md

35	https://gateway.maton.ai/clickup/{native-api-path}

low line 56

External URL reference

SourceSKILL.md

56	1. Sign in or create an account at [maton.ai](https://maton.ai)

low line 57

External URL reference

SourceSKILL.md

57	2. Go to [maton.ai/settings](https://maton.ai/settings)

low line 62

External URL reference

SourceSKILL.md

62	Manage your ClickUp OAuth connections at `https://ctrl.maton.ai`.

low line 69

External URL reference

SourceSKILL.md

69	req = urllib.request.Request('https://ctrl.maton.ai/connections?app=clickup&status=ACTIVE')

low line 81

External URL reference

SourceSKILL.md

81	req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')

low line 93

External URL reference

SourceSKILL.md

93	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')

low line 107

External URL reference

SourceSKILL.md

107	"url": "https://connect.maton.ai/?session_token=...",

low line 121

External URL reference

SourceSKILL.md

121	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')

low line 134

External URL reference

SourceSKILL.md

134	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team')

low line 165

External URL reference

SourceSKILL.md

165	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team')

low line 210

External URL reference

SourceSKILL.md

210	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/space')

low line 252

External URL reference

SourceSKILL.md

252	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/space', data=data, method='POST')

low line 287

External URL reference

SourceSKILL.md

287	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/space/90120001/folder')

low line 328

External URL reference

SourceSKILL.md

328	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/space/90120001/folder', data=data, method='POST')

low line 363

External URL reference

SourceSKILL.md

363	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/folder/456789/list')

low line 409

External URL reference

SourceSKILL.md

409	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/folder/456789/list', data=data, method='POST')

low line 459

External URL reference

SourceSKILL.md

459	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/list/901234/task?include_closed=true')

low line 500

External URL reference

SourceSKILL.md

500	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/task/abc123')

low line 544

External URL reference

SourceSKILL.md

544	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/list/901234/task', data=data, method='POST')

low line 563

External URL reference

SourceSKILL.md

563	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/task/abc123', data=data, method='PUT')

low line 604

External URL reference

SourceSKILL.md

604	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/user')

low line 618

External URL reference

SourceSKILL.md

618	"profilePicture": "https://...",

low line 639

External URL reference

SourceSKILL.md

639	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/webhook')

low line 652

External URL reference

SourceSKILL.md

652	"endpoint": "https://example.com/webhook",

low line 679

External URL reference

SourceSKILL.md

679	data = json.dumps({'endpoint': 'https://example.com/webhook', 'events': ['taskCreated', 'taskUpdated']}).encode()

low line 680

External URL reference

SourceSKILL.md

680	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/team/1234567/webhook', data=data, method='POST')

low line 695

External URL reference

SourceSKILL.md

695	"endpoint": "https://example.com/webhook",

low line 723

External URL reference

SourceSKILL.md

723	req = urllib.request.Request('https://gateway.maton.ai/clickup/api/v2/list/901234/task?page=0')

low line 737

External URL reference

SourceSKILL.md

737	'https://gateway.maton.ai/clickup/api/v2/list/901234/task',

low line 754

External URL reference

SourceSKILL.md

754	'https://gateway.maton.ai/clickup/api/v2/list/901234/task',

low line 795

External URL reference

SourceSKILL.md

795	req = urllib.request.Request('https://ctrl.maton.ai/connections')

low line 805

External URL reference

SourceSKILL.md

805	- Correct: `https://gateway.maton.ai/clickup/api/v2/team`

low line 806

External URL reference

SourceSKILL.md

806	- Incorrect: `https://gateway.maton.ai/api/v2/team`

low line 821

External URL reference

SourceSKILL.md

821	- [Maton Community](https://discord.com/invite/dBfFAcefs2)

Scanned on Feb 11, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categoryproject management

UpdatedApril 4, 2026

openclaw api project-manager operations-manager growth-marketer clickup project management operations marketing

openclaw/skills