Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill metadata declares no required environment permissions, yet the documented and analyzed behavior includes environment variable access, file read/write, shell commands, and optional network use. This is dangerous because it prevents accurate informed consent: users may install a skill believing it is low-privilege when it can access broader capabilities, including secrets and network paths when enabled.
