Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill advertises networked verification and likely environment-backed runtime behavior, yet it declares no permissions. This creates a transparency and consent problem: users or hosting platforms may execute a skill with broader capabilities than documented, increasing the risk of unexpected outbound connections or access to sensitive runtime configuration.
