Context-Inappropriate Capability
Medium
- Confidence
- 95% confidence
- Finding
- The skill instructs the agent to run a host-level `openclaw security audit --deep --fix` and then alter platform security settings, which exceeds the research-community purpose and expands the skill into local system administration. Even if framed as security hardening, this can cause unauthorized configuration changes, trigger privileged actions, and normalize execution of non-essential host commands from untrusted skill content.
