Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill declares no permissions, yet its documented behavior clearly depends on environment-backed secrets and runtime capabilities, most notably Telegram Mini App initData HMAC validation with a BOT_TOKEN. This creates a misleading trust boundary: operators may install it believing it only returns a link, while the documented setup and server behavior imply access to secrets and local execution context.
