Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill explicitly instructs the agent to run shell commands such as `npm i -g clawhub` and `clawhub install ...`, and to read or run helper scripts in `scripts/`, yet it declares no permissions. That mismatch is dangerous because users and enforcement layers may assume the skill is advisory-only when it can actually trigger system changes, installs, or script execution in a bootstrap context.
