clickup-multi-env-setup

Configures ClickUp API access for development, staging, and production environments with workspace isolation and token management.

Install this skill

or

53/100

Security score

The clickup-multi-env-setup skill was audited on May 18, 2026 and we found 19 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 89

Template literal with variable interpolation in command context

SourceSKILL.md

89	if (!value) throw new Error(`Missing required env var: ${key}`);

medium line 146

Template literal with variable interpolation in command context

SourceSKILL.md

146	`${operation} blocked in production. Set CLICKUP_ALLOW_DESTRUCTIVE=true to override.`

medium line 156

Template literal with variable interpolation in command context

SourceSKILL.md

156	`/list/${listId}/task?statuses[]=complete`

medium line 159

Template literal with variable interpolation in command context

SourceSKILL.md

159	await clickupRequest(`/task/${task.id}`, { method: 'DELETE' });

medium line 166

Template literal with variable interpolation in command context

SourceSKILL.md

166

```bash

medium line 182

Curl to non-GitHub URL

SourceSKILL.md

182	RESULT=$(curl -sf https://api.clickup.com/api/v2/user \

low line 53

Access to .env file

SourceSKILL.md

53	const env = process.env.NODE_ENV ?? 'development';

low line 81

Access to .env file

SourceSKILL.md

81	teamId: process.env.CLICKUP_TEAM_ID ?? '',

low line 88

Access to .env file

SourceSKILL.md

88	const value = process.env[key];

low line 97

Access to .env file

SourceSKILL.md

97	# .env.development (local dev, git-ignored)

low line 101

Access to .env file

SourceSKILL.md

101	# .env.staging (CI/CD only, git-ignored)

low line 105

Access to .env file

SourceSKILL.md

105	# .env.production (secrets manager only, NEVER in files)

low line 111

Access to .env file

SourceSKILL.md

111	# .env.example (commit this as template)

low line 141

Access to .env file

SourceSKILL.md

141	const env = process.env.NODE_ENV ?? 'development';

low line 144

Access to .env file

SourceSKILL.md

144	if (env === 'production' && !process.env.CLICKUP_ALLOW_DESTRUCTIVE) {

medium line 198

Access to .env file

SourceSKILL.md

198	\| Missing env var \| Not configured \| Check .env file or secrets manager \|

low line 36

External URL reference

SourceSKILL.md

36	Key point: All ClickUp API calls go to `https://api.clickup.com/api/v2/` regardless of environment. Environment isolation comes from using different tokens that are authorized for different worksp

low line 182

External URL reference

SourceSKILL.md

182	RESULT=$(curl -sf https://api.clickup.com/api/v2/user \

low line 205

External URL reference

SourceSKILL.md

205	- [12-Factor App Config](https://12factor.net/config)

Scanned on May 18, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedJune 10, 2026

claude-code api growth-marketer product-marketer sdr customer-success-manager business-development clickup marketing sales

jeremylongshore/claude-code-plugins-plus-skills