Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documentation describes network access to Alibaba Cloud APIs and writing artifacts under output/aliyun-emoji/, but it does not declare corresponding permissions. Undeclared capabilities reduce transparency and can bypass policy or reviewer expectations, making it harder to assess what the skill is allowed to do and increasing the chance of unsafe deployment.
