Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill uses sensitive capabilities including environment variables, local file read/write, and network access, but does not declare permissions for them. This reduces transparency and reviewability, making it easier for a skill to access credentials, persist tokens under the user home directory, and send data to a user-supplied remote endpoint without explicit permission gating. The context increases risk because the skill stores auth tokens locally and performs HTTP authentication/search requests to a configurable URL.
