Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 87% confidence
- Finding
- The skill documentation states specific capabilities such as reading local configuration files and making Home Assistant network calls, yet the static finding indicates permissions are not properly declared. Undeclared file and network capabilities undermine permission transparency and can lead users or hosting platforms to grant trust without understanding the actual access required. In a smart-home context, file reads may expose tokens and network access can reach privileged home-automation APIs.
