Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill documentation and referenced file structure indicate network-capable behavior such as market/news fetching, but no corresponding permissions are declared. This creates a transparency and consent problem: users and hosting platforms cannot accurately assess or constrain outbound access, and hidden network use is especially sensitive in a background monitoring tool.
