Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill declares no explicit permissions, yet its instructions clearly require reading environment variables, accessing local files under ~/.upkuajing, writing credentials, and making network requests. This creates an under-declared capability surface that can mislead users or orchestrators about what the skill will actually do, increasing the risk of unintended credential access or side effects.
