Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to perform local SVG and asset-catalog file generation for Xcode, with no evidence of credential access, persistence, exfiltration, or destructive behavior.
Before installing, confirm you are comfortable with the skill reading and writing local SVG, JSON, and asset catalog files in the project paths you provide. Review generated files before committing them, but no special credential or account-risk concern is evident from the supplied evidence.
66/66 vendors flagged this skill as clean.
No suspicious patterns detected.