Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill declares no permissions even though the documented behavior clearly includes shell execution, local file read/write, and network access to cameras and a cloud API. This weakens user consent and platform enforcement because a user may install a camera-processing skill without being explicitly warned about its ability to access local files, launch scripts, and transmit data off-device.
