Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill advertises and relies on shell-based installation commands, but the manifest shown does not declare any permissions or capability boundaries. That mismatch is risky because users and tooling cannot accurately assess what the skill may invoke, and security controls based on declared permissions may be bypassed or weakened.
