skills/krodak/clickup-cli/clickup/Snyk

clickup

Fail

Audited by Snyk on May 12, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs non-interactive agent use of credentials (e.g., cup init --token pk_USER_TOKEN and export CU_API_TOKEN="pk_..."), which requires the LLM to include secret values verbatim in generated commands/outputs.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 12, 2026, 04:31 PM

Issues

1