Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill requires shell execution but does not declare corresponding permissions, creating a dangerous mismatch between what reviewers/users may expect and what the skill can actually do. In this file, shell access is used to drive many externally impactful SmartSaaS operations, so undeclared capability materially increases risk and reduces informed consent.
