Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill declares no explicit permissions while the documentation clearly indicates use of environment variables and shell-capable tooling (`node`, `mcporter`, `npm`, and CLI commands). This creates a transparency and governance problem: users and tooling may underestimate what the skill can access or execute, increasing the chance of unsafe deployment in permissive environments.
