Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly requires sensitive capabilities—environment variable access, shell execution, file read/write, and network access to Gmail/OpenClaw Gateway—yet no explicit permissions are declared. This creates a trust and review gap: operators may approve or run the skill without understanding that it handles raw receipt emails, location history, and auth tokens, increasing the chance of unintended data exposure or over-privileged execution.
