Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill documentation declares environment-variable requirements and shell-based Node entrypoints that clearly imply network and command execution capabilities, yet no explicit permissions are declared. This creates a transparency and governance gap: users or platforms may invoke the skill without understanding that it can access secrets, execute commands, and send data over the network.
