macos-launchd

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding the OpenClaw API key directly in plist ProgramArguments or EnvironmentVariables (e.g., using "your_key" or "--key $OPENCLAW_API_KEY"), which would require the agent/LLM to output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs creating and loading system-wide LaunchDaemons (writing to /Library/LaunchDaemons) and using sudo launchctl to install persistent background services and set environment/UserName, which requires elevated privileges and directly modifies the machine's system state.