Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill clearly uses sensitive capabilities including environment variables, local file read/write, and shell execution, but does not declare permissions. That weakens user consent and reviewability because operators cannot accurately assess that the skill handles Tesla credentials, token caches, local config, and command execution. In a vehicle-control skill, undeclared capabilities are more dangerous because they combine privileged account access with the ability to persist sensitive data locally.
