// SCAN REPORT

ClickUp MCP - Premium

54 tools. 35 can modify or destroy data without limits.

8 destructive tools with no built-in limits. Policy required.

Last updated:

35 can modify or destroy data
19 read-only
54 tools total
// TOOL MAP
Read (19) Write / Execute (27) Destructive / Financial (8)
// WHAT CAN GO WRONG

Destructive tools (delete_bulk_tasks, delete_folder, delete_list) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (add_tag_to_task, add_task_link, add_time_entry) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (start_time_tracking, stop_time_tracking) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and ClickUp MCP - Premium. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @taazkareem/clickup-mcp-premium
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
delete_bulk_tasks:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
add_tag_to_task:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
duplicate_task:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 54 CLICKUP MCP - PREMIUM TOOLS
DESTRUCTIVE 8 tools
Destructive delete_bulk_tasks Destructive delete_folder Destructive delete_list Destructive delete_space_tag Destructive delete_task Destructive delete_task_link Destructive delete_time_entry Destructive remove_tag_from_task
EXECUTE 2 tools
Execute start_time_tracking Execute stop_time_tracking
WRITE 25 tools
Write add_tag_to_task Write add_task_link Write add_time_entry Write attach_task_file Write create_bulk_tasks Write create_chat_channel Write create_chat_message Write create_document Write create_document_page Write create_folder Write create_list Write create_list_in_folder Write create_space_tag Write create_task Write create_task_comment Write move_bulk_tasks Write move_task Write resolve_assignees Write submit_feedback Write update_bulk_tasks Write update_document_page Write update_folder Write update_list Write update_space_tag Write update_task
READ 19 tools
Read duplicate_task Read find_member_by_name Read get_chat_channels Read get_chat_messages Read get_current_time_entry Read get_document Read get_document_pages Read get_folder Read get_list Read get_space_tags Read get_task Read get_task_comments Read get_task_links Read get_task_time_entries Read get_workspace_hierarchy Read get_workspace_members Read get_workspace_tasks Read list_document_pages Read list_documents
// FAQ
Can an AI agent delete data through the ClickUp MCP - Premium MCP server? +

Yes. The ClickUp MCP - Premium server exposes 8 destructive tools including delete_bulk_tasks, delete_folder, delete_list. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through ClickUp MCP - Premium? +

The ClickUp MCP - Premium server has 25 write tools including add_tag_to_task, add_task_link, add_time_entry. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the ClickUp MCP - Premium MCP server expose? +

54 tools across 4 categories: Destructive, Execute, Read, Write. 19 are read-only. 35 can modify, create, or delete data.

How do I add Intercept to my ClickUp MCP - Premium setup? +

One line change. Instead of running the ClickUp MCP - Premium server directly, prefix it with Intercept: intercept -c taazkareem-clickup-mcp-premium.yaml -- npx -y @taazkareem/clickup-mcp-premium. Download a pre-built policy from policylayer.com/policies/taazkareem-clickup-mcp-premium and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
adminautomation
Aibtc 288 tools
adminautomation
Google Super 200 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Mcp Sitecore 153 tools
adminautomation
SmartBear MCP 147 tools
adminautomation
Slack 143 tools
adminautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.