Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill invokes shell and network-capable commands (`curl` and `python3`) but does not declare corresponding permissions, which creates a transparency and policy-enforcement gap. Even though the stated purpose is legitimate, undeclared capabilities make it easier for a skill to perform external communication and local key operations without clear user/runtime consent boundaries, increasing the risk of misuse or accidental execution in a trusted environment.
