Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill advertises shell/file capabilities and operational behavior, but does not declare permissions or clearly scope what access is required. In a VPS-management context, undeclared execution capability is dangerous because users may grant broad trust without understanding that the skill can read files and run commands on infrastructure.
