Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 96% confidence
- Finding
- The skill declares no explicit permissions, but its own documentation describes outbound network access to WeChat and image URLs plus launching a local Node.js process via subprocess. This creates a permission-model mismatch: users and the hosting platform are not clearly informed that the skill can access the network and execute shell-level processes, which weakens review, sandboxing, and least-privilege enforcement.
