Critical-risk tools in ClickUp MCP - Premium
8 of the 54 tools in ClickUp MCP - Premium are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_bulk_tasksDestructivePERMANENTLY delete multiple tasks. Each task needs: taskId or taskName + listName. Cannot be undone.
-
delete_folderDestructiveDelete folder. Requires folderId (preferred) or folderName + space info. WARNING: Permanent.
-
delete_listDestructiveDelete list. Requires listId (preferred) or listName. WARNING: Permanent.
-
delete_space_tagDestructiveDelete tag from ClickUp space. Requires tagName + (spaceId or spaceName). Warning: removes from all tasks, cannot be undone.
-
delete_taskDestructivePERMANENTLY delete task. If a task name is provided do not lookup the task ID, it will be resolved automatically. Cannot be undone.
-
delete_task_linkDestructiveRemove link between tasks. Requires taskId (preferred) and linkId (target task ID).
-
delete_time_entryDestructiveDelete a time entry. Requires timeEntryId.
-
remove_tag_from_taskDestructiveRemove tag from task. Requires tagName + (taskId or taskName + optional listName). Only removes association; tag remains in space.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.