Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill declares only allowed tools, but its documented behavior clearly depends on sensitive capabilities: reading secrets from environment variables, writing files during installation, invoking shell commands, and making network connections to RPC endpoints. This mismatch weakens policy review and user understanding, which is especially risky in a self-custody wallet because hidden network and shell behavior can affect funds or expose secrets.
