Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 83% confidence
- Finding
- The skill advertises automatic installation, shell command monitoring, GitHub cloning, and execution of local shell scripts, which implies shell and network capabilities without any declared permission model. This creates a transparency and trust problem: users may enable a skill that can fetch code and run commands without an explicit capability declaration or consent boundary.
