Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill documents substantial capabilities—network access, local file reads/writes, shell command execution, and credential/key handling—without any explicit permission declaration or gating metadata. This creates a real security transparency problem: users and hosting platforms may not understand that invoking the skill can access secrets and interact with external services.
