inference-optimizer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill executes local audit/purge scripts for "OpenClaw token usage" and explicitly instructs the agent to "return raw output", which can contain actual token/session secrets, forcing the LLM to handle and potentially emit secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to execute local scripts (including a purge script that uses rm/find) and to modify exec-approvals, which directly change and can delete files and alter the agent's execution permissions on the host, so it pushes the agent to modify/compromise machine state.