Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 85% confidence
- Finding
- The skill instructs users to run a shell setup script, but the metadata shown does not declare corresponding permissions or execution capabilities. This creates a trust gap: installers may execute local shell actions without transparent permission disclosure, increasing the risk of unexpected system changes or abuse if the script is modified or behaves unsafely.
