Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill declares no permissions while its documented behavior includes network access and writing sensitive device inventory details to files. This weakens user consent and review because the actual capability surface is broader than the manifest suggests, especially in a skill that handles device tokens and cloud-derived secrets.
