Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill declares no required permissions, yet its documented behavior explicitly includes reading and overwriting files under `/root/.openclaw/workspace/`, which implies file read/write capability. This mismatch is dangerous because it hides the skill's effective access from users and policy systems, reducing informed consent and weakening permission-based safeguards around sensitive logs and memory files.
