Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill clearly describes use of external DingTalk APIs and requires network access plus sensitive credentials, yet no explicit permissions are declared. This creates a transparency and governance gap: operators and users may not understand that the skill can reach external services and act on business approval data.
