Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill declares no required permissions, yet its documented behavior implies shell execution (`npm install`, `agent-browser install`), environment/runtime dependencies, and likely local file access through scraping output and configuration. This creates a transparency and least-privilege problem: operators may approve or run the skill without understanding that it can invoke external binaries and touch the local system.
