clickup-enterprise-rbac

Facilitates ClickUp Enterprise SSO and OAuth 2.0 for multi-workspace access and role-based permissions management.

Install this skill

70/100

Security score

The clickup-enterprise-rbac skill was audited on May 18, 2026 and we found 14 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 42

Template literal with variable interpolation in command context

SourceSKILL.md

42	const data = await clickupRequest(`/team/${teamId}`);

medium line 66

Template literal with variable interpolation in command context

SourceSKILL.md

66	return `https://app.clickup.com/api?client_id=${process.env.CLICKUP_CLIENT_ID}&redirect_uri=${encodeURIComponent(process.env.CLICKUP_REDIRECT_URI!)}&state=${state}`;

medium line 140

Template literal with variable interpolation in command context

SourceSKILL.md

140	error: `Requires role ${requiredRole} or higher`,

medium line 167

Template literal with variable interpolation in command context

SourceSKILL.md

167	await clickupRequest(`/team/${teamId}/group`, {

low line 71

Fetch to external URL

SourceSKILL.md

71	const response = await fetch('https://api.clickup.com/api/v2/oauth/token', {

low line 84

Fetch to external URL

SourceSKILL.md

84	const teamsResponse = await fetch('https://api.clickup.com/api/v2/team', {

low line 118

Fetch to external URL

SourceSKILL.md

118	const teamsRes = await fetch('https://api.clickup.com/api/v2/team', {

low line 66

Access to .env file

SourceSKILL.md

66	return `https://app.clickup.com/api?client_id=${process.env.CLICKUP_CLIENT_ID}&redirect_uri=${encodeURIComponent(process.env.CLICKUP_REDIRECT_URI!)}&state=${state}`;

low line 75

Access to .env file

SourceSKILL.md

75	client_id: process.env.CLICKUP_CLIENT_ID,

low line 76

Access to .env file

SourceSKILL.md

76	client_secret: process.env.CLICKUP_CLIENT_SECRET,

low line 66

External URL reference

SourceSKILL.md

66	return `https://app.clickup.com/api?client_id=${process.env.CLICKUP_CLIENT_ID}&redirect_uri=${encodeURIComponent(process.env.CLICKUP_REDIRECT_URI!)}&state=${state}`;

low line 71

External URL reference

SourceSKILL.md