Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill explicitly instructs the agent to run shell commands like `which openclaw` and `ls ~/.openclaw/agents/`, and later to invoke Python scripts, yet it declares no permissions. This creates hidden execution capability and local environment/file access that a user or platform may not expect, undermining consent and increasing the chance of unintended local data exposure or command execution.
