Missing User Warnings
Medium
- Confidence
- 86% confidence
- Finding
- The README advertises that the MCP server lets local models read files, execute bash commands, and search the filesystem, but it does not prominently warn users that connecting an LLM to shell and file-access tools can enable destructive or privacy-impacting actions if the model is misused, prompt-injected, or misconfigured. In this context, the risk is elevated because the skill is explicitly designed to expose powerful local capabilities to AI models, and the brief mention of sandboxing/forbidden commands is not a sufficient safety warning or threat description.
