Context-Inappropriate Capability
Medium
- Confidence: 85%
- Finding: The code can send arbitrary outbound messages through the openclaw CLI using task-generated content and configured destination identifiers. In a skill with no manifest or explicit trust boundary documentation, this creates a real data-exfiltration and unauthorized-notification capability if task results or message content contain sensitive information or if configuration is tampered with.
