Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill advertises shell-based deployment behavior but does not declare permissions, which hides its actual execution capabilities from users and any permission-aware tooling. In a deployment skill that installs software, modifies configuration, and sets up cron/hooks, this mismatch reduces transparency and increases the chance of unreviewed system changes.
