Context-Inappropriate Capability
High
- Confidence
- 96% confidence
- Finding
- The skill explicitly backs up local host files such as `/root/.openclaw/workspace/MEMORY.md` and `/root/.openclaw/openclaw.json` into Feishu documents. That expands a document-management skill into host-file exfiltration of potentially sensitive memory, configuration, tokens, and operational data, which is not necessary for normal document organization and creates a clear confidentiality risk.
