Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 93% confidence
- Finding
- The skill documentation indicates capabilities to read local files, write files, access environment-like secrets, and make network requests, but it does not declare permissions. This is dangerous because users and the platform cannot accurately assess or gate the skill's access, especially since it persists credentials and writes outputs to the Desktop while communicating with a remote API.
