Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 84% confidence
- Finding
- The skill declares shell-capable behavior and runnable scripts (`pmm_watch.sh`, `pmm_recover.sh`, `pmm_boot.sh`) but does not surface any explicit permission model or user-consent boundary in the manifest. In a skill that can register remote identities, write local files, and move memory/credential material, missing permission disclosure increases the chance of silent execution of sensitive operations.
