Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill declares no explicit permissions, yet its documented behavior clearly requires environment variable access, local file read/write, and outbound network access. This creates a transparency and policy-enforcement gap: an agent or reviewer may treat the skill as lower-privilege than it really is, increasing the chance of unintended secret exposure, filesystem modification, or network use without informed approval. The webhook and SQLite features make the capability set broader than a simple read-only tracking helper.
