Context-Inappropriate Capability
Medium
- Confidence: 98%
- Finding: The skill reads unrelated OpenClaw/ZeroClaw daemon configuration files from the user's home directory to discover Discord and Telegram credentials. This violates least privilege and allows the strategy to silently reuse secrets from other tools, broadening access beyond what a trading skill should need.
