Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documentation clearly describes network access, local file reads for a private key, and file writes for cached results/logging, yet it declares no permissions. This creates a transparency and consent problem: users or platforms may approve the skill without realizing it can access credentials, contact external APIs, and persist data locally.
