Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares no permissions, yet it clearly exposes and documents network-accessible HTTP endpoints via a FastAPI/uvicorn server. This mismatch weakens transparency and security review because consumers may assume the skill is purely local or inert when it actually performs network operations and accepts data over HTTP.
