Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documentation clearly instructs the user to execute shell scripts that install system-level fail2ban actions and transmit data externally, yet no permissions are declared. This creates a transparency and consent problem: users or platforms may underestimate the skill's ability to modify system security tooling and send banned IP data to third parties.
