Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documents scripts that write persistent data to a user home-directory path and perform outbound network access to a weather service, but the manifest does not declare corresponding permissions. That mismatch undermines informed consent and security review because a user or platform may invoke a skill with capabilities they were not clearly warned about.
