Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 91% confidence
- Finding
- The skill advertises capabilities that include shell execution, network access, file read/write, and environment access, yet declares no explicit permissions or user-facing warning. In a skill that handles highly sensitive in-home elder surveillance and cloud report access, this creates a dangerous mismatch that can hide powerful data access and exfiltration behavior from users and reviewers.
