Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises simple script analysis, but the metadata indicates it can access environment/configuration and make network requests without declaring corresponding permissions. In this context, that means a user may unknowingly expose local OpenClaw configuration and trigger outbound API calls, which creates a real transparency and data-handling risk even if the functionality is partly related to AI analysis.
