Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill declares no permissions, yet its documented behavior clearly involves reading environment variables, accessing local files under ~/.upkuajing, writing API keys, and making network requests. This weakens transparency and consent boundaries, increasing the chance an agent executes sensitive operations the user did not explicitly authorize.
