by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to correctly implement a ClickUp integration via a third-party managed-OAuth gateway (maton.ai). Before installing: (1) Confirm you trust maton.ai — MATON_API_KEY gives that service the ability to act on your ClickUp data; (2) Store MATON_API_KEY in a secure secret area (do not paste it in chat); (3) Review Maton's privacy/security docs and the scopes granted during OAuth; (4) If you prefer direct integration with ClickUp, consider a skill that calls api.clickup.com directly o...详细分析 ▾
✓ 用途与能力
The name/description (ClickUp API integration with managed OAuth) matches the runtime instructions, which call gateway.maton.ai and ctrl.maton.ai to list/manage ClickUp resources and connections. No unrelated services, binaries, or paths are requested.
ℹ 指令范围
All instructions are limited to HTTP calls to Maton endpoints and use the MATON_API_KEY environment variable. This is consistent with a managed-OAuth gateway model, but it means ClickUp tokens and API traffic are routed through maton.ai — a trust/privacy consideration for users.
✓ 安装机制
Instruction-only skill with no install spec or code files to write to disk. Lowest-risk install posture: nothing is downloaded or executed on the host by the skill definition itself.
✓ 凭证需求
Only one env var (MATON_API_KEY) is required and is directly used in every example. The requested secret is proportional to a gateway-based ClickUp integration. There are no unrelated secrets or config paths requested.
✓ 持久化与权限
The skill is not always-on and uses normal model invocation settings. It does not request system-level persistence or modify other skills' configurations in the provided instructions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/2/3
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install clickup-api
镜像加速npx clawhub@latest install clickup-api --registry https://cn.longxiaskill.com