Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill declares no permissions, yet its documentation instructs use of environment variables, reads and writes files under the user's home directory, and performs networked API and payment-related actions. This is dangerous because the runtime capabilities materially exceed what a user would infer from the manifest, undermining informed consent and increasing the chance of unauthorized credential handling or external calls.
