Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 90%
- Finding: The skill instructs scanning `~/.openclaw/skills/` and `~/.openclaw/workspace/skills/` and reading every `SKILL.md`, which is a real file-read capability, yet no permissions are declared. That creates a transparency and policy-enforcement gap: an agent may access a broad set of local files without explicit user-visible authorization boundaries, increasing the chance of overcollection or unintended disclosure of skill metadata and contents.
