Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 93%
- Finding: The skill instructs the operator to supply sensitive environment values such as `AION_API_KEY` and optionally `WALLET_PRIVATE_KEY`, but its manifest declares no corresponding permissions. This is a permission-model gap: the skill consumes secrets and capabilities implied by its code or workflow that are never declared up front, so an operator reviewing the manifest cannot see that the skill handles high-value credentials tied to trading and wallet control. The result is a higher risk of over-privileged execution and unsafe handling of those credentials. The expected fix is to declare every environment variable the skill reads in the manifest, and to treat wallet key access as an explicit, opt-in permission rather than an optional note in the instructions.
