Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly performs outbound network access via `node ./fetch.js --url ...`, but the manifest only declares `transport: fetch` and does not explicitly declare permissions for network capability. This creates a policy/visibility gap: reviewers and runtime controls may not accurately understand what the skill can do, increasing the risk of unintended data exfiltration, SSRF-like access to internal URLs, or use against untrusted destinations if the skill is invoked with attacker-controlled URLs.
