openclaw-watchdog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to collect the user's Telegram bot token and chat ID and to perform test runs and commands using those values, requiring the LLM to receive and potentially emit secret values verbatim (high exfiltration risk).