Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The skill instructs the agent to read an unrelated local file (`/Users/m1/.openclaw/workspace-elon/SOUL.md`) for stylistic guidance. Expanding scope from Facebook automation into arbitrary local filesystem reads is dangerous because it can expose sensitive local data and normalize unauthorized access paths not required for the task.
