clickup-security-basics

Featured

Secure ClickUp API tokens, implement least-privilege access, and audit usage. Use when securing API keys, rotating tokens, configuring per-environment credentials, or auditing ClickUp API access patterns. Trigger: "clickup security", "clickup secrets", "secure clickup token", "clickup API key rotation", "clickup access audit".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# ClickUp Security Basics ## Overview Secure ClickUp API credentials and access patterns. ClickUp personal tokens never expire, making rotation discipline critical. OAuth tokens also do not expire but can be revoked. ## Token Types and Risk | Token Type | Prefix | Expires | Scope | Risk Level | |------------|--------|---------|-------|------------| | Personal API Token | `pk_` | Never | Full user access | High -- treat like password | | OAuth Access Token | Varies | Never | Per-authorized workspace | Medium -- per-user | | OAuth Client Secret | N/A | Never | App-level | Critical -- server-side only | ## Secure Storage ```bash # .env (NEVER commit) CLICKUP_API_TOKEN=pk_12345678_ABCDEFGHIJKLMNOPQRSTUVWXYZ # .gitignore (mandatory) .env .env.local .env.*.local *.pem ``` ```bash # Git pre-commit hook to catch leaked tokens # .git/hooks/pre-commit #!/bin/bash if git diff --cached --diff-filter=ACM | grep -qE "pk_[a-zA-Z0-9_]{30,}"; then echo "ERROR: ClickUp API token detected in staged files!" echo "Remove the token and use environment variables instead." exit 1 fi ``` ## Token Rotation Procedure ```bash # 1. Generate new token: ClickUp > Settings > Apps > Regenerate # 2. Update environment export CLICKUP_API_TOKEN="pk_NEW_TOKEN_HERE" # 3. Verify new token works curl -sf https://api.clickup.com/api/v2/user \ -H "Authorization: $CLICKUP_API_TOKEN" | jq '.user.username' # 4. Update secrets in deployment platform gh secret set CLICKUP_API_TOKEN --body "$CLICKUP_API...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI OAuth · Auth

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

clickup-install-auth

Set up ClickUp API v2 authentication with personal tokens or OAuth 2.0. Use when configuring a new ClickUp integration, setting up API access, or initializing OAuth flows for multi-user apps. Trigger: "install clickup", "setup clickup auth", "clickup API token", "clickup OAuth", "configure clickup credentials".

2,266 Updated today
jeremylongshore
AI & Automation Solid

hootsuite-security-basics

Apply Hootsuite security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Hootsuite security configuration. Trigger with phrases like "hootsuite security", "hootsuite secrets", "secure hootsuite", "hootsuite API key security".

2,266 Updated today
jeremylongshore
AI & Automation Featured

attio-security-basics

Secure Attio API integrations -- token scoping, secret management, scope auditing, webhook signature verification, and rotation procedures. Trigger: "attio security", "attio secrets", "secure attio", "attio API key security", "attio scopes", "attio token rotation".

2,266 Updated today
jeremylongshore
AI & Automation Featured

hubspot-security-basics

Apply HubSpot security best practices for tokens, scopes, and webhook verification. Use when securing private app tokens, implementing least privilege scopes, or validating HubSpot webhook signatures. Trigger with phrases like "hubspot security", "hubspot token rotation", "secure hubspot", "hubspot scopes", "hubspot webhook verify".

2,266 Updated today
jeremylongshore
AI & Automation Featured

clickup-multi-env-setup

Configure ClickUp API access across dev, staging, and production environments with per-environment tokens and workspace isolation. Trigger: "clickup environments", "clickup staging", "clickup dev prod", "clickup environment setup", "clickup config by env", "clickup multi-env".

2,266 Updated today
jeremylongshore