Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill is a disclosed wrapper for installing and using a pinned local knowledge-base CLI, with no evidence of hidden or malicious behavior in the artifacts.
Install only if you want a local persistent knowledge base. Avoid ingesting sensitive text or private URLs unless you intend them to be stored in the configured knowledge instance, and review the pinned PyPI dependency/update path as you would for any CLI package.
51/51 vendors flagged this skill as clean.
No suspicious patterns detected.