Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill clearly exposes shell-capable operations such as installing packages, creating files under ~/.clawclau, exporting environment variables, and invoking task-management scripts, yet no explicit permissions are declared. This creates a trust and review gap: a user or host system may underestimate that the skill can execute commands, modify local state, and manage background processes.
