Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill requires access to environment variables and network resources, including a wallet private key and outbound requests to third-party endpoints, yet no permissions are explicitly declared. This undermines least-privilege review and can cause an agent framework or operator to grant broader capabilities than expected, especially given the skill can initiate paid transactions.
