Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs users to copy and run Python scripts that read environment variables, access local state files, invoke shell-executed cron workflows, and fetch data from an external website, yet it declares no permissions. This creates a transparency and governance gap: operators may approve or deploy the skill without understanding that it can perform network access and persistent local file writes, which increases the risk of misuse or unintended data exposure.
