Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- The skill tells users to place a bearer token into an MCP configuration that sends requests over plain HTTP to a raw IP address. This exposes the token and any queried data to interception or tampering in transit, and the raw IP endpoint provides little identity assurance compared with a validated HTTPS domain.
