Lp3
Medium
- Category: MCP Least Privilege
- Confidence: 88%
- Finding: The skill describes operational capabilities that include reading environment variables, writing files, invoking shell commands, and making network requests, but it does not declare permissions or otherwise constrain those actions. In a skill that handles Shopee store authorization and API access, this mismatch reduces transparency and increases the chance of over-privileged execution, making it harder for reviewers and users to assess data exposure and abuse paths.
