pp-clickup

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the @mvanhorn/printing-press-library package using npx and a Go-based CLI tool directly from github.com/mvanhorn/printing-press-library.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> parameter. This allows the agent to send command outputs, which could include sensitive workspace data, task details, or chat messages, to any external URL specified in the command arguments.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands for installation (npx, go install) and operational tasks using the clickup-pp-cli binary. It also includes an analytics command that performs local processing on a SQLite database populated from external API data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 04:30 AM
Security Audit — agent-trust-hub — pp-clickup