Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 81% confidence
- Finding
- The skill describes an HTTP status service that performs network checks and reads environment-adjacent runtime/system state, but the skill metadata does not declare corresponding permissions or clearly surface that capability. Undeclared capabilities reduce user visibility and informed consent, which is a security issue even if the feature is intended for legitimate monitoring.
