Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 90% confidence
- Finding
- The skill documents and relies on powerful capabilities—environment-variable handling, writing `.env`, network/API access, and shelling out via `docker exec`—but does not declare permissions. In this context, the undocumented requirement for Docker socket access is especially sensitive because it effectively grants container-level code execution and can enable host compromise if misused.
