Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly uses sensitive capabilities including environment access, local file read/write, shell commands, and network access, yet it declares no permissions. That creates a transparency and review failure: users may install or schedule it without understanding that it can access secrets, persist OAuth tokens, and transmit health data to external providers.
