Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 91% confidence
- Finding
- The documentation presents the skill as a simple, zero-LLM reminder, but it also describes behavior that reads local OpenClaw session state, auto-configures a messaging recipient, installs persistence via cron, and sends a test message. That mismatch is dangerous because users may consent to a harmless-looking reminder while unknowingly granting access to session-derived data and automated outbound messaging to potentially unintended recipients.
