Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 71% confidence
- Finding
- The skill metadata does not declare permissions, yet the analyzed behavior indicates access to environment variables. In an agent setting, undeclared env access can expose secrets such as wallet keys or API credentials and prevents users from making an informed trust decision about the skill’s capabilities.
