Critical-risk tools in ClickUp MCP - Premium

Critical severity ClickUp MCP - Premium MCP Server 8 of 54 tools

8 of the 54 tools in ClickUp MCP - Premium are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

delete_bulk_tasks Destructive 4/5

PERMANENTLY delete multiple tasks. Each task needs: taskId or taskName + listName. Cannot be undone.
delete_folder Destructive 4/5

Delete folder. Requires folderId (preferred) or folderName + space info. WARNING: Permanent.
delete_list Destructive 4/5

Delete list. Requires listId (preferred) or listName. WARNING: Permanent.
delete_space_tag Destructive 4/5

Delete tag from ClickUp space. Requires tagName + (spaceId or spaceName). Warning: removes from all tasks, cannot be undone.
delete_task Destructive 4/5

PERMANENTLY delete task. If a task name is provided do not lookup the task ID, it will be resolved automatically. Cannot be undone.
delete_task_link Destructive 4/5

Remove link between tasks. Requires taskId (preferred) and linkId (target task ID).
delete_time_entry Destructive 4/5

Delete a time entry. Requires timeEntryId.
remove_tag_from_task Destructive 4/5

Remove tag from task. Requires tagName + (taskId or taskName + optional listName). Only removes association; tag remains in space.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in ClickUp MCP - Premium

Tools at critical risk

Attacks that target this class

More on ClickUp MCP - Premium

Enforce policy on ClickUp MCP - Premium