Tool & MCP Least-Privilege + Provenance

In one line: Only install Superpowers skills, MCP servers, and marketplace plugins from trusted sources; pin and review them; grant least privilege.

Do this: Before adding a skill / MCP server / plugin, check its source and pin a known-good version; prefer the narrowest permission scope it can run under. A tool that can reach the network or the filesystem is part of your supply chain — review it like a dependency (Section 2.7's dependency-surface axis applies). Do not auto-install on the strength of a name alone.

Mechanism: scripts/check-tool-provenance.sh (a shipped advisory check that inventories installed tools against trusted/pinned sources and warns on the unrecognized) + the .claude/settings.json permission allowlist (only listed tools/commands run without a prompt). The provenance check is advisory by design — it cannot false-block a legitimate tool — so treat its warnings as a review trigger, not a hard gate.
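The advisory behaviour described above, sketched as an added example; this is not the shipped scripts/check-tool-provenance.sh. The inventory record, the pin-list format, the tool names and the example.invalid URLs are all constructed assumptions.

```python
"""Advisory provenance check for installed tools: warn, never block."""
from dataclasses import dataclass

FLOATING = {"", "latest", "main", "master", "HEAD"}  # refs that are not a pin

@dataclass(frozen=True)
class Tool:
    name: str
    kind: str     # "skill", "mcp" or "plugin"
    source: str   # origin recorded at install time
    version: str  # tag, commit or version recorded at install time

# Constructed pin list (assumed format): name -> (trusted source, reviewed version).
PINS = {
    "superpowers": ("https://example.invalid/trusted-org/superpowers", "v1.2.0"),
    "fs-readonly": ("https://example.invalid/trusted-org/fs-readonly-mcp", "3f9c2ab"),
}

def check_tool(tool, pins=PINS):
    """Return warnings for one tool; an empty list means trusted and pinned."""
    pin = pins.get(tool.name)
    if pin is None:
        return [f"{tool.name}: unrecognized {tool.kind} from {tool.source}, review before use"]
    want_source, want_version = pin
    warnings = []
    if tool.source.rstrip("/") != want_source.rstrip("/"):
        # A familiar name from a different origin: the "name alone" case.
        warnings.append(f"{tool.name}: source {tool.source} differs from trusted {want_source}")
    if tool.version in FLOATING:
        warnings.append(f"{tool.name}: floating version {tool.version!r}, pin to {want_version}")
    elif tool.version != want_version:
        warnings.append(f"{tool.name}: version {tool.version} is not the reviewed {want_version}")
    return warnings

def check_inventory(tools, pins=PINS):
    """Advisory by design: the status is always 0; warnings are a review trigger."""
    return 0, [w for t in tools for w in check_tool(t, pins)]

SAMPLE = [  # constructed sample inventory
    Tool("superpowers", "skill", "https://example.invalid/trusted-org/superpowers", "v1.2.0"),
    Tool("fs-readonly", "mcp", "https://example.invalid/trusted-org/fs-readonly-mcp", "latest"),
    Tool("superpowers", "plugin", "https://example.invalid/other-org/superpowers", "v1.2.0"),
    Tool("web-fetch", "mcp", "https://example.invalid/unknown/web-fetch", "0.4.1"),
]

if __name__ == "__main__":
    status, warnings = check_inventory(SAMPLE)
    print("\n".join(f"WARN {w}" for w in warnings))
    raise SystemExit(status)
```

Because the status is always 0, wiring this into a hook or CI step surfaces the warnings without ever stopping a legitimate install; the permission allowlist remains the control that actually restricts what runs unprompted.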