Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill declares no permissions, yet its documented behavior clearly includes reading environment variables, reading and writing a local .env file, and making network requests. This under-declaration weakens user and platform visibility into what the skill can actually access, which can lead to unsafe execution in environments that rely on declared permissions for trust decisions.
