Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 94% confidence
- Finding
- The skill declares no permissions while its documented behavior requires environment access, reading and writing files under ~/.upkuajing/.env, and making network requests. This under-declaration weakens user trust and reviewability because consumers cannot accurately assess what the skill is capable of before running it.
