clickup-deploy-integration

Facilitates deployment of ClickUp API integrations to various cloud platforms with secure management and health checks.

Install this skill

or

60/100

Security score

The clickup-deploy-integration skill was audited on May 18, 2026 and we found 16 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 54

Template literal with variable interpolation in command context

SourceSKILL.md

54	`https://api.clickup.com/api/v2/list/${listId}/task?archived=false`,

medium line 164

Template literal with variable interpolation in command context

SourceSKILL.md

164	console.log(`ClickUp event: ${event} for task ${task_id}`);

low line 123

Fetch to external URL

SourceSKILL.md

123	const response = await fetch('https://api.clickup.com/api/v2/user', {

medium line 34

Webhook reference - potential data exfiltration

SourceSKILL.md

34	\| `CLICKUP_WEBHOOK_SECRET` \| For webhook signature validation \| If using webhooks \|

medium line 152

Webhook reference - potential data exfiltration

SourceSKILL.md

152	## Webhook Endpoint for Deployments

low line 155

Webhook reference - potential data exfiltration

SourceSKILL.md

155	// api/webhooks/clickup.ts — receive ClickUp webhook events

low line 159

Webhook reference - potential data exfiltration

SourceSKILL.md

159	// ClickUp webhook payloads include event type and history_items

medium line 177

Webhook reference - potential data exfiltration

SourceSKILL.md

177	\| Webhook endpoint 5xx \| Slow processing \| Respond 200 immediately, process async \|

medium line 187

Webhook reference - potential data exfiltration

SourceSKILL.md

187	For webhook event handling, see `clickup-webhooks-events`.

low line 55

Access to .env file

SourceSKILL.md

55	{ headers: { 'Authorization': process.env.CLICKUP_API_TOKEN! } }

low line 124

Access to .env file

SourceSKILL.md

124	headers: { 'Authorization': process.env.CLICKUP_API_TOKEN! },

low line 54

External URL reference

SourceSKILL.md

54	`https://api.clickup.com/api/v2/list/${listId}/task?archived=false`,

low line 123

External URL reference

SourceSKILL.md

123	const response = await fetch('https://api.clickup.com/api/v2/user', {

low line 181

External URL reference

SourceSKILL.md

181	- [Vercel Environment Variables](https://vercel.com/docs/environment-variables)

low line 182

External URL reference

SourceSKILL.md

182	- [Fly.io Secrets](https://fly.io/docs/reference/secrets/)

low line 183

External URL reference

SourceSKILL.md

183	- [Cloud Run Secret Manager](https://cloud.google.com/run/docs/configuring/secrets)

Scanned on May 18, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedJune 10, 2026

claude-code api backend product-marketer growth-marketer backend-developer devops-sre technical-pm vercel gcp clickup marketing development product

jeremylongshore/claude-code-plugins-plus-skills