Critical-risk tools in ClickUp MCP
9 of the 57 tools in ClickUp MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_bulk_tasksDestructivePERMANENTLY deletes multiple tasks. For each task: use taskId (preferred/safest) or taskName + listName. Configure batch size/concurrency via options. WARNING: Cannot be undone,...
-
delete_folderDestructivePERMANENTLY deletes folder and all contents. Use folderId (preferred/safest) or folderName + (spaceId/spaceName). WARNING: Cannot be undone, all lists/tasks deleted, folderName ...
-
delete_listDestructivePERMANENTLY deletes a ClickUp list and all its tasks. Use listId (preferred/safest) or listName. WARNING: Cannot be undone, all tasks will be deleted, listName risky if not unique.
-
delete_space_tagDestructivePurpose: Delete a tag from a ClickUp space. Valid Usage: 1. Provide spaceId (preferred if available) 2. Provide spaceName (will be resolved to a space ID) Requirements: - tagN...
-
delete_taskDestructivePERMANENTLY deletes task. Use taskId (preferred/safest) or taskName + optional listName. WARNING: Cannot be undone. Using taskName without listName may match multiple tasks.
-
delete_time_entryDestructiveDeletes a time entry. Required: time entry ID.
-
manage_containerDestructiveUnified tool for creating, updating, or deleting ClickUp lists and folders. Consolidates list and folder CRUD operations. Specify type (list/folder) and action (create/update/de...
-
operate_tagsDestructiveUnified tag management for ClickUp workspaces. SPACE SCOPE - Manage tags in a space: - list: Get all tags in a space - create: Create a new tag (requires tagName, optional colo...
-
task_time_trackingDestructiveTrack time on tasks. Actions: get_entries (retrieve), start (begin timer), stop (end timer), add_entry (manual entry), delete_entry (remove entry), get_current (running timer). ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.