Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill describes capabilities that require network access, shell execution, and use of environment variables/credential files, but it does not declare any permissions. This creates a permission-model mismatch: an agent or platform may grant broader runtime capabilities than users expect, increasing the risk of unintended command execution, secret access, or outbound interactions with wallets, relays, and third-party APIs.
