Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill clearly requires sensitive environment variables and invokes Python scripts that perform networked access to Fastmail services, yet the manifest does not declare any permissions/capabilities. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can access credentials, make external requests, and execute shell/Python commands, which is especially risky for an email/calendar integration handling real account data.
