Context-Inappropriate Capability
High
- Confidence
- 98% confidence
- Finding
- The skill instructs the agent to write a user-supplied API key into local configuration via `openclaw config set`, which is a privileged state-changing action unrelated to merely querying ad intelligence data. This can persist secrets beyond the current session, modify host configuration without explicit consent, and creates a path for credential capture or misuse if the skill content is adversarial or the environment is shared.
