Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill instructs the agent to perform shell execution plus file reads/writes to sensitive locations like ~/.openclaw/openclaw.json and agent workspace directories, yet declares no permissions. This creates a hidden capability boundary violation: a user or reviewer may believe the skill is conversational only, while it can actually modify local configuration, create files, and invoke operational commands.
