Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly directs file reads/writes and shell execution via a local Python runner and OpenClaw CLI operations, but it declares no permissions. That mismatch is a real security issue because it can bypass operator/admin expectations and allow a user-invocable skill to perform powerful local actions without an explicit permission contract.
