Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares no permissions while its documented and inferred behavior includes shell/environment-capable operations and installation of a Node package that can execute code locally. This creates a trust-boundary violation: users and orchestrators may treat the skill as low-risk even though it can install and run software with filesystem access, increasing the chance of unintended code execution and unsafe deployment.
