Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill clearly performs external network access to search for and fetch WeChat articles, but no explicit permissions are declared. That creates a transparency and policy-enforcement gap: a host system or reviewer may underestimate the skill's ability to contact remote services, fetch arbitrary URLs, or exfiltrate queried data via networked dependencies.
