Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares no permissions, yet its documented behavior includes reading environment variables, reading and writing files under ~/.upkuajing/.env, and making network requests. This creates a transparency and consent problem: operators may authorize a seemingly narrow data-query skill without realizing it also accesses credentials, persists secrets locally, and interacts with external account/payment endpoints.
