Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill documents access to environment variables, local configuration files, and networked SiYuan APIs, but it does not declare corresponding permissions. This creates a transparency and governance gap: users and the host platform may not realize the skill can read secrets, read/write files, and transmit data externally, increasing the chance of over-privileged or unexpected data access.
