Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly instructs the agent to invoke shell scripts, read sub-skill files, use environment credentials, upload local files, download outputs, and call a remote API, yet it does not declare a corresponding explicit permission model beyond OpenClaw metadata. That mismatch weakens security review and user consent because the platform may not surface the full set of sensitive capabilities being used, especially shell, filesystem, network, and secret access.
