Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill declares broad executable tooling (Bash, Write, network-capable scripts) and explicitly documents environment-variable use, RPC access, and shell execution, but the finding indicates these capabilities are not reflected in a proper permissions model. This matters because the skill handles wallet creation and contract interaction, so undeclared env/network/shell access increases the chance of secret exposure, unintended network calls, or unsafe execution without adequate review.
