Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill declares no permissions while its documented behavior clearly includes network access, local file reads/writes, environment-variable use, and shell-based execution via python3 commands. This is dangerous because it hides the real privilege surface from users and reviewers, reducing informed consent and making risky actions like credential storage and remote scanning less transparent.
