Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares no permissions, yet its documented behavior and referenced package capabilities indicate network access and file-related operations. This creates a transparency and policy-enforcement gap: users and hosts may approve the skill believing it is low-risk, while it can still reach external services and interact with local resources.
