Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill content demonstrates shell and network operations and references reading/writing configuration and test scripts, but it declares no permissions. This creates a dangerous transparency gap: users and policy engines may authorize or execute the skill without understanding that it can access files, modify configuration, and make outbound requests involving sensitive bot tokens.
