Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill is a disclosed OpenClaw configuration helper, with sensitive but expected config-editing guidance and no evidence of hidden execution, data theft, or unsafe persistence.
Install this only if you want an agent to help manage OpenClaw Gateway configuration. Review proposed changes before applying them, prefer targeted config set/unset operations over whole-config replacement, keep backups, validate after changes, and avoid storing long-lived secrets directly in openclaw.json.
if [[ -n "${perms}" ]]; then
echo "Permissions: ${perms}"
if [[ "${perms}" =~ ^[0-9]+$ ]] && (( perms > 600 )); then
echo "WARNING: config perms are >600; consider: chmod 600 \"${CONFIG_PATH}\""
fi
fi
else3. **Apply changes with the smallest safe surface** - Prefer small edits: `openclaw config get|set|unset` (dot path or bracket notation). - If the Gateway is online and you want "write + validate + restart" in one step: use RPC `config.patch` (merge patch) or `config.apply` (replaces the entire config; use carefully). - For complex setups, split config with `$include` (see below). 4. **Validate strictly**
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.