Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill explicitly states it auto-reads OpenClaw configuration and uses configured third-party AI providers, but the documentation does not clearly warn that user-submitted scripts may be transmitted off-host to external services. This creates a real privacy and data-handling risk because users may assume analysis is local or may not realize provider selection is automatic.
