Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares no explicit permissions even though its documented behavior includes network access, reading and writing local files, and accessing environment-based secrets. This undermines least-privilege review and can cause users or orchestrators to authorize a skill without understanding that it can touch credentials and make external paid requests.
