pp-clickup
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the
@mvanhorn/printing-press-librarypackage usingnpxand a Go-based CLI tool directly fromgithub.com/mvanhorn/printing-press-library. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>parameter. This allows the agent to send command outputs, which could include sensitive workspace data, task details, or chat messages, to any external URL specified in the command arguments. - [COMMAND_EXECUTION]: The skill requires the execution of shell commands for installation (
npx,go install) and operational tasks using theclickup-pp-clibinary. It also includes ananalyticscommand that performs local processing on a SQLite database populated from external API data.
Audit Metadata