Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 89% confidence
- Finding
- The skill advertises and relies on sensitive capabilities (`env` secrets and MCP access) but does not declare an explicit permission boundary for what the agent may do with them. In practice, this can cause the runtime or reviewers to under-estimate that the skill can reach a live Odoo endpoint with bearer-token authentication and perform scheduling writes.
