Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill relies on environment-variable access to handle YUKETANG_SECRET, but the manifest does not clearly declare or scope that capability. Hidden or undeclared access to credentials reduces transparency and prevents users from making an informed trust decision, especially because the skill also instructs installation and verification workflows tied to authentication.
