Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 88% confidence
- Finding
- The skill documentation states that Tencent Cloud credentials must be supplied through environment variables, but the skill does not declare permissions or explicitly disclose this capability. Hidden or undeclared access to secrets increases the risk of over-privileged execution and makes it harder for users or platforms to assess what sensitive resources the skill can access.
