Context-Inappropriate Capability
Medium
- Confidence
- 90% confidence
- Finding
- The module reads secrets from ~/.openclaw/.env even though this file's stated purpose is generic app configuration for the WeChat publisher. Pulling credentials from another runtime's global secret store creates an implicit trust boundary crossing and can unexpectedly import unrelated secrets into this application.
