Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill clearly performs shell execution and reads/writes local files, but the manifest text shown does not declare permissions or prominently communicate those capabilities. Undeclared capabilities are dangerous because users and orchestrators may invoke the skill without understanding that it can execute system commands, inspect hardware devices, and persist scan history to disk.
