clickup-observability
Monitors ClickUp API integrations with metrics, tracing, and logging for enhanced observability and alerting.
Install this skill
or
75/100
Security score
The clickup-observability skill was audited on May 30, 2026 and we found 9 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 87
Template literal with variable interpolation in command context
SourceSKILL.md
| 87 | const response = await fetch(`https://api.clickup.com/api/v2${path}`, { |
medium line 100
Template literal with variable interpolation in command context
SourceSKILL.md
| 100 | const status = response.ok ? 'success' : `${response.status}`; |
medium line 109
Template literal with variable interpolation in command context
SourceSKILL.md
| 109 | throw new Error(`ClickUp ${response.status}: ${body.err}`); |
medium line 136
Template literal with variable interpolation in command context
SourceSKILL.md
| 136 | return tracer.startActiveSpan(`clickup.${operationName}`, async (span) => { |
low line 90
Access to .env file
SourceSKILL.md
| 90 | 'Authorization': process.env.CLICKUP_API_TOKEN!, |
low line 160
Access to .env file
SourceSKILL.md
| 160 | const logger = pino({ name: 'clickup', level: process.env.LOG_LEVEL ?? 'info' }); |
low line 87
External URL reference
SourceSKILL.md
| 87 | const response = await fetch(`https://api.clickup.com/api/v2${path}`, { |
low line 230
External URL reference
SourceSKILL.md
| 230 | - [Prometheus Best Practices](https://prometheus.io/docs/practices/naming/) |
low line 231
External URL reference
SourceSKILL.md
| 231 | - [OpenTelemetry JS SDK](https://opentelemetry.io/docs/languages/js/) |
Scanned on May 30, 2026
View Security DashboardGitHub Stars 2.2K
Rate this skill
Categorymarketing
UpdatedJune 10, 2026
jeremylongshore/claude-code-plugins-plus-skills