Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill metadata declares no permissions or environment requirements, yet the documented installation and usage clearly indicate network-capable behavior through Python dependencies and blockchain/security scanning functions. This creates a transparency and consent gap: an agent or reviewer may treat the skill as low-privilege while it can make outbound requests to RPC endpoints, APIs, or repositories during execution.
