Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 95%
- Finding: The skill explicitly requires access to a private key via environment variables and performs networked blockchain/API operations, yet the finding indicates these capabilities are not fully declared as permissions. In an agent setting, undeclared access to secrets and external network interaction weakens user visibility and policy enforcement, increasing the risk of unauthorized fund-moving or signing actions.
