Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises and orchestrates capabilities including environment access, local file reads/writes, shell execution, and network access, yet it declares no permissions or boundaries. That creates a transparency and consent failure: an invoking agent or user may treat it as a simple analysis skill while it can access credentials, persist data, and call external services. In this context, the required EM_API_KEY, runtime.env storage, and installable background job make the undeclared capability surface materially more dangerous than a normal read-only market commentary tool.
