Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 85% confidence
- Finding
- The skill declares no permissions, yet its documented behavior requires reading configuration, writing user-specific API keys to disk, accessing environment/config state, and making network requests. This hidden capability expansion undermines least-privilege expectations and can cause the host agent to grant broader access than users or reviewers realize, especially because it handles secrets and persistence.
