Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This is a local package.json linting helper that reads selected project files and reports issues without evidence of network access, credential use, persistence, or file modification.
Install this only if you want a local helper for package.json linting. Run it against a specific package.json or intended project directory, and treat its security mode as heuristic script-risk checking rather than a full npm vulnerability audit.
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.