Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documentation describes outbound network use to Aave's GraphQL API and messaging delivery via OpenClaw, yet the finding indicates no declared permissions are present. Undeclared network capability is a real security and governance issue because reviewers and runtime policy enforcement cannot accurately determine what external communication the skill performs, which can conceal unexpected data egress or make sandboxing ineffective.
