Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill is a local TypeScript config checker that reads a chosen tsconfig file and reports issues, with no evidence of hidden network access or persistence.
This appears safe for its stated purpose. Install it if you want a local tsconfig.json linter, and run it only against configuration files you intend to inspect. Be aware that one trigger phrase is broad, so users may want to invoke it explicitly with commands like "lint tsconfig" or "validate tsconfig.json."
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.