Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This is a straightforward Baidu Baike lookup skill that uses a disclosed Baidu API key to query Baidu and return encyclopedia results.
Install only if you are comfortable providing a Baidu API key and sending lookup terms to Baidu. Use a dedicated, revocable key, monitor quota or billing, make sure the Python requests package is available, and avoid querying confidential internal terms.
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.