70% of OpenClaw Skills Request OAuth Scopes They Don't Need
We ran two independent security scans across all 6,993 public skills in openclaw/skills. The dominant finding in both: skills routinely request OAuth permissions beyond what their stated task requires
vessel.hashnode.dev4 min read