Tp4
High
- Category: MCP Tool Poisoning
- Confidence: 98%
- Finding: This is a mismatch because the declared purpose says the skill operates KuCoin public market APIs through UXC, implying API interaction functionality. The actual code shown does not interact with KuCoin or UXC at runtime; it only validates that certain files exist and contain expected strings and schema elements. Its primary purpose is build/repo validation, not operating exchange APIs. There are no hidden external accesses beyond local file inspection, but the core behavior materially differs from the description.
