Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises and documents shell execution, environment-variable use, network access, and persistent hook/cron installation, but the metadata does not declare corresponding permissions. This creates a trust and review gap: operators may install it expecting low privilege while it can modify local state and invoke external tools, increasing the chance of unsafe deployment or abuse if the package contents differ from expectations.
