ClickUp MCP testing

As data analysts, we are constantly looking for ways to make our work more efficient. Since our company runs on ClickUp, we decided to test ClickUp MCP - a tool that lets you control ClickUp through AI assistants. In this article, we share our hands-on experience, the limitations we ran into, how secure access tokens really are, and who this solution actually makes sense for.
Lately, we have been testing the MCPs (Model Context Protocol) of various tools we work with. MCP is a standardized framework that allows AI assistants (Claude, ChatGPT, and others) to communicate with external tools. We use ClickUp to manage our team and our projects. It stores all our client records, project information, and carefully documented internal processes. That gives us a realistic way to plan capacity and keep detailed information about every project in one place. This is exactly where some MCP-based automation could help, because with the amount of work we handle, there is still quite a lot of repetitive clicking involved. We work with dozens of clients, after all, and if we could manage and edit the platform through AI commands, we could save time and spend it on other projects.
This article is meant to be useful for anyone planning to connect MCP to their own ClickUp. We want to offer an objective view of what you can actually expect from ClickUp MCP: its pros and cons, what working with it looks like in practice, and last but not least, how secure these MCP tools really are. We will walk through practical tests, show the specific limitations we ran into, and end with an honest assessment of who MCP makes sense for - and who it does not.
Which ClickUp MCP we used
Official ClickUp MCP server - a solution built directly by the ClickUp team.
- Server URL: https://mcp.clickup.com/mcp
- Type: Official, closed-source, hosted by ClickUp
- Status: Public beta
- Authentication: OAuth (not an API key)
- Availability: All ClickUp plans, including Free
- Documentation: https://developer.clickup.com/docs/connect-an-ai-assistant-to-clickups-mcp-server
- Tool list: https://developer.clickup.com/docs/mcp-tools
There are also several community alternatives. Most of them are available as open source on GitHub and use an API token instead of OAuth. The most popular community options are nsxdavid and hauptsacheNet, but none of them has the same level of support as the official solution.
What can the ClickUp MCP do

ClickUp MCP offers 33 specialized functions that are supposed to cover your day-to-day needs when working with this tool. These include:
- Task management - creating, editing, assigning tasks, setting priorities and deadlines
- Time tracking - starting/stopping the timer, manual entries, worked-time overviews
- Comments - reading and adding task comments, notifying the team
- Docs - creating documents and pages, editing in Markdown
- Organization - creating Lists and Folders, managing workspace hierarchy
- Search - global search across tasks, docs, and chat messages
And this is exactly where the real advantage of MCP shows up: you do not have to click through things manually, you do not need to program anything, and you do not need to know the API documentation. You simply tell your AI - in our case, Claude Code: Create a task called “Media Data Analysis” for client XY and set the deadline for this Friday. The AI understands the full context and is able to complete the task. It breaks it down into multiple steps, uses the available functions, and works through the request one step at a time. Other practical examples that work well include:
Bulk operations: “Assign all tasks tagged ‘urgent’ to Jan” - one sentence, dozens of changes
Structure creation: “Create a Google Ads Analytics project with the phases Data Collection, Analysis, Visualization, Reporting” - Claude builds the full Folder/List structure
Reporting: “Give me an overview of completed tasks from the past week” - an instant report without manual filtering
Time tracking: “Start the timer” / “Stop the timer and show me how much I worked” - quick voice/text control
Complex task edits: setting the name, description, status, priority, due date, assignee, time estimate - all in a single command
All of these options are available across all ClickUp plans (Free, Unlimited, Business, Enterprise), and you can use them with the following AI clients:
- Claude Desktop
- Claude Code (CLI tool for developers)
- ChatGPT
- Cursor (AI code editor)
- VS Code with MCP extensions
What impressed us the most was the speed with which a fairly complex request could be completed in a matter of seconds. We also liked the flexibility, because the AI understands our intent and can turn it into specific tasks, then carry them out. And finally, there is the low barrier to entry. You do not need any programming knowledge to use this MCP. The AI handles everything for you, which could have a major impact on time savings.
Our testing
We put ClickUp MCP through a number of practical tests to find its limits. Naturally, we did not want to run these tests on our official ClickUp account, where we keep client data. That would have been more than inappropriate. So we created a separate test account, connected Claude Code to it, and let it do its thing without any concerns. We designed the tests to verify whether MCP would cover our everyday needs and whether it would deliver the level of time savings we had hoped for.

The first test was simply connecting Claude Code to ClickUp MCP. That was easy enough. Login is handled through OAuth 2.0 authentication, which worked reliably. The workspace was recognized, and Claude was able to execute our commands. As for the login itself, it only needed to happen once. Since the access token is stored on your computer, you do not have to log in again every single day. It only saves a few seconds, but even that is a nice touch.
After the first login, we wanted to see whether Claude could understand the hierarchy of our account. We had it inspect the entire Workspace, all included Spaces, Folders, Lists, and tasks. With one simple prompt, Claude returned the structure of the entire account exactly as it had been created.
The next step was renaming a specific task. Again, no problem. Then we tried copying files between Spaces. Claude could not duplicate an entire Space in one go, but it was able to copy the files one by one and place them into the target Space where we wanted a backup. So that test also looked valid.
Another important part of working in ClickUp is editing tasks themselves. We had Claude modify a task’s name, description, status, priority, assignee, deadlines, time estimate, add a comment, and assign a specific tag. After all of these successful tests, we tried deleting the task we had been editing. And that is where we ran into major problems.

What you cannot do with ClickUp MCP
The official ClickUp MCP cannot delete anything. Or rather - it technically could, but for security reasons, that functionality is not available. So yes, you can create things, but you cannot delete them. Next, we tried creating a new Space. That was not possible either. The same applied to renaming an existing Space. So if we wanted to create a new Space for a new client, Claude would not be able to help us with that task.
That led us to more practical questions - things we would actually need to automate. We work with labels that we create ourselves according to our needs. Each label is created at the individual Space level, which means we currently have to create them manually and assign them for each client. So we ran a practical test: can Claude create a new label for every client? It cannot. It can assign existing labels to tasks, but creating new labels across all Spaces is not supported either.
So we moved on to Custom Fields. These are custom columns with predefined values that we also work with quite often, and we want them standardized across all clients. Even updating these fields for twenty clients takes time: a lot of clicking and environment cleanup. Unfortunately, Claude could not help here either. If there is no API function for it, it cannot be done.
Finally, we looked at automations. But ClickUp MCP is not the same thing as ClickUp Automations. Everything requires manual execution. You cannot create trigger-based workflows or recurring tasks.

In the end, it looks like working inside the Workspace is possible, and at a basic level it is not a problem. But once you go deeper and want to use more advanced functionality, you run into limits. Either because the necessary API function does not exist, or because security restrictions prevent the action from being performed.
Our disappointment with the limited API functionality led us to dig deeper, and that is when we came across community MCPs. Just like the official ClickUp MCP, there are other MCP servers for ClickUp. These are built by the community, and you can find their code directly on GitHub. These community MCPs solve many of the limitations of the official solution: full label management, bulk label creation across Spaces, creating, editing, and deleting tags, and broader support for Custom Fields. Community MCPs offer many advanced functions that were missing from the official MCP. The built-in safety limits are removed, and more complex work becomes possible and quite easy. It sounds very promising, and for our work it would probably be sufficient. But there is one big catch: what about security?
Security aspects
The first thing worth stopping at is the token itself. Since we authorized through OAuth 2.0, an access token was stored on our computer. Every time Claude wants to connect to our ClickUp, it reads that token so it can get full access and work with the tool. You can probably already see where this is going. An access token is essentially a key. And if someone gets hold of that key, they gain access to all of your client data.
We ran our tests on a testing account, so we do not need to worry too much about losing that token. Even so, the topic itself is very interesting. Imagine using MCP to communicate with ClickUp, BigQuery, GA4, Google Ads, and other platforms. What happens to all those access tokens? They end up stored in one folder on your computer. If someone gains access to your machine through malware, they can simply take those tokens and gain access to all of those tools. It is worth keeping that in mind. You do not want an unknown attacker to have all those keys handed to them on a silver platter.
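To make the token-storage concern above concrete, here is an added example (not code from ClickUp, Anthropic, or any MCP project) that audits a JSON config file for credentials stored in plain text and for file permissions that let other local users read it. The config layout, the file name mcp-config.json, the key-name heuristic, and the token values are constructed for illustration, and the permission check assumes POSIX file modes.

```python
import json
import os
import stat
import tempfile

# Key-name fragments that suggest a credential (a heuristic chosen for this example).
SECRET_HINTS = ("token", "secret", "api_key", "apikey", "password", "authorization")

def find_secret_fields(node, path=""):
    """Yield dotted paths of non-empty string values stored under credential-like keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and any(h in key.lower() for h in SECRET_HINTS):
                yield child  # report where the secret lives, never the value itself
            else:
                yield from find_secret_fields(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_secret_fields(item, f"{path}[{index}]")

def audit_config(file_path):
    """Return a list of findings for one JSON config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(file_path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"readable by group/others (mode {mode:o})")
    try:
        with open(file_path, encoding="utf-8") as handle:
            data = json.load(handle)
    except json.JSONDecodeError:
        return findings + ["not valid JSON, review manually"]
    return findings + [f"plaintext credential at {p}" for p in find_secret_fields(data)]

def demo():
    """Audit a constructed config twice: with loose and with owner-only permissions."""
    sample = {"servers": {  # constructed layout and placeholder values
        "clickup": {"url": "https://mcp.clickup.com/mcp",
                    "oauth": {"access_token": "EXAMPLE-NOT-A-REAL-TOKEN"}},
        "warehouse": {"env": {"API_KEY": "EXAMPLE-NOT-A-REAL-KEY"}}}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mcp-config.json")
        with open(path, "w", encoding="utf-8") as handle:
            json.dump(sample, handle)
        os.chmod(path, 0o644)
        loose = audit_config(path)
        os.chmod(path, 0o600)
        return loose, audit_config(path)

if __name__ == "__main__":
    print(demo())
```

Tightening the file mode removes only the permission finding: the credentials are still in plain text for anything running as the same user, which is the malware scenario described above.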

Another big question is community MCPs. Are they safe to use? We have already established that the official MCP is not enough for our needs, which means we would have to rely on a community MCP anyway. Before using one, we would need to inspect in detail how it is written. We do not assume data leakage is happening, but how much confidence do you really have if you have not reviewed the code yourself and performed a deep audit of all functions? Because of that, we cannot say whether these MCPs are safe. We would simply be cautious, especially if our ClickUp contained highly sensitive data. You never know who might modify the code for their own purposes and leave behind a security hole you may regret later.
Conclusion
We cannot say that ClickUp MCP is unusable. It looks quite decent, and for small teams or personal projects it may be an effective solution. There are plenty of functions you can use in practice. More advanced work is possible too, but only with community MCPs, where you need to weigh the security risks. If those risks are not a concern for you, then AI can give you full control over your ClickUp. In our case, we decided not to go down that path and to stick with good old manual work.
The main reason for us was security. We work with data from dozens of clients, and having all access tokens stored in one configuration file in plain text is a risk we simply cannot afford. One piece of malware or one careless mistake is enough for an attacker to gain access not only to ClickUp, but potentially to all connected services at once.
The second reason was the practical limitations we ran into. Label isolation at the individual Space level, the inability to create Custom Fields through MCP, and the absolute ban on deleting data are restrictions that do not save us time in a multi-client environment. They actually add more work.
Still, we want to stay objective. ClickUp MCP does make sense if:
- you are an individual or a small team working on a single project
- you do not work with sensitive client data
- you need to quickly create and edit tasks, log time, or generate reports
- you are looking for a tool for personal productivity or prototyping
In those cases, MCP can genuinely save you hours of work, and the barrier to entry is practically zero.
ClickUp MCP is still in beta and actively evolving. We are not ruling out the possibility that a future version may solve the current limitations - better label management, more secure token storage, or support for creating Custom Fields. We will be keeping an eye on that development. Until then, though, we recommend that anyone considering MCP deployment carefully evaluate their own situation: what data they manage in ClickUp, how many clients they serve, and what security standards they need to meet. Only then can you make an informed decision about whether MCP is the right solution for you.




























