Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The manifest advertises sensitive capabilities such as code execution and environment-variable access, but does not declare a corresponding permission model in a machine-checkable way. That creates a trust gap: hosts or users may assume the skill is lower-risk than it is, while the skill still exposes shell/env-capable functionality according to the broader package behavior.
