Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill documentation declares use of sensitive environment variables such as SIMMER_API_KEY and WALLET_PRIVATE_KEY, but the finding indicates no corresponding permissions are declared. In an agent ecosystem, missing permission declarations weaken transparency and policy enforcement, making it easier for a skill to access secrets without clear user consent or review expectations.
