Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill advertises no explicit permissions, yet the documentation clearly describes capabilities requiring shell execution, network access, environment-variable use, and local credential file reads/writes. This creates a transparency and consent gap: an agent or platform may authorize a broader set of actions than the user expects, including persistent storage of tokens and outbound requests to arbitrary commerce backends.
