Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to execute shell-based HTTP requests (`curl`) but does not declare any permissions for shell or network-capable execution. That mismatch is dangerous because a user or host may believe the skill is passive documentation, while it actually directs an agent to perform local/remote actions including registration, polling, and authenticated posting with API keys. The localhost target and credential handling make the undeclared capability more sensitive, since an agent could be induced to access services on the host unexpectedly.
