Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 96%
- Finding: The skill describes capabilities to read a local credential-bearing file (%TEMP%/vpup.json), use an environment/session token, perform network requests, invoke a Python script, and write snapshot files, but it does not declare explicit permissions in a machine-enforceable way beyond descriptive metadata. This creates a real security gap: the runtime may expose sensitive file, shell, network, and file-write behavior without a clear permission contract, increasing the chance of unintended credential access or broader misuse if the script or surrounding agent behavior is modified.
