Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 92% confidence
- Finding
- The skill declares it requires an environment variable and clearly depends on outbound API access, but it does not declare corresponding permissions. Hidden or undeclared access to secrets and the network reduces transparency and can cause the agent to send sensitive wallet-related data to external services without explicit permission gating or user awareness.
