diff --git a/extensions/slack/src/security-audit.test.ts b/extensions/slack/src/security-audit.test.ts
index 3bb3b37844c..df08e087bfc 100644
--- a/extensions/slack/src/security-audit.test.ts
+++ b/extensions/slack/src/security-audit.test.ts
@@ -22,26 +22,37 @@ function createSlackAccount(config: NonNullable["sla
 } as ResolvedSlackAccount;
 }
 
+function createSlashCommandSlackConfig(
+ options: { useAccessGroups?: boolean } = {},
+): OpenClawConfig {
+ return {
+ ...(options.useAccessGroups === undefined
+ ? {}
+ : { commands: { useAccessGroups: options.useAccessGroups } }),
+ channels: {
+ slack: {
+ enabled: true,
+ botToken: "xoxb-test",
+ appToken: "xapp-test",
+ groupPolicy: "open",
+ slashCommand: { enabled: true },
+ },
+ },
+ };
+}
+
+async function collectSlackFindingsForConfig(cfg: OpenClawConfig) {
+ readChannelAllowFromStoreMock.mockResolvedValue([]);
+ return await collectSlackSecurityAuditFindings({
+ cfg,
+ account: createSlackAccount(cfg.channels!.slack),
+ accountId: "default",
+ });
+}
+
 describe("Slack security audit findings", () => {
 it("flags slash commands without a channel users allowlist", async () => {
- const cfg: OpenClawConfig = {
- channels: {
- slack: {
- enabled: true,
- botToken: "xoxb-test",
- appToken: "xapp-test",
- groupPolicy: "open",
- slashCommand: { enabled: true },
- },
- },
- };
-
- readChannelAllowFromStoreMock.mockResolvedValue([]);
- const findings = await collectSlackSecurityAuditFindings({
- cfg,
- account: createSlackAccount(cfg.channels!.slack),
- accountId: "default",
- });
+ const findings = await collectSlackFindingsForConfig(createSlashCommandSlackConfig());
 
 expect(findings).toEqual(
 expect.arrayContaining([
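Review bot: `collectSlackFindingsForConfig` re-stubs `readChannelAllowFromStoreMock` to resolve `[]` on every call, so the empty stored allowlist that these audit cases apparently rely on is now an unstated precondition of the helper, and a later test that stubs a non-empty store before calling it would be silently overridden. State that on the helper, for example `// Stubs the allowFrom store as empty; callers cannot override it through this helper.`, or take the store contents as a parameter defaulting to `[]`. The helper also accepts any `OpenClawConfig` yet dereferences `cfg.channels!.slack`, so a config without `channels` would surface as a TypeError rather than a readable test failure; narrowing the parameter type or adding an explicit guard would be cleaner.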
@@ -54,25 +65,9 @@ describe("Slack security audit findings", () => {
 });
 
 it("flags slash commands when access-group enforcement is disabled", async () => {
- const cfg: OpenClawConfig = {
- commands: { useAccessGroups: false },
- channels: {
- slack: {
- enabled: true,
- botToken: "xoxb-test",
- appToken: "xapp-test",
- groupPolicy: "open",
- slashCommand: { enabled: true },
- },
- },
- };
-
- readChannelAllowFromStoreMock.mockResolvedValue([]);
- const findings = await collectSlackSecurityAuditFindings({
- cfg,
- account: createSlackAccount(cfg.channels!.slack),
- accountId: "default",
- });
+ const findings = await collectSlackFindingsForConfig(
+ createSlashCommandSlackConfig({ useAccessGroups: false }),
+ );
 
 expect(findings).toEqual(
 expect.arrayContaining([
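Review bot: This case now differs from the first test only by `useAccessGroups: false`, with the allowFrom store still stubbed empty and no users allowlist in the config, so unless the finding expected below the hunk is distinct from the first test's, it would still pass if the audit ignored `commands.useAccessGroups`. `expect.arrayContaining` checks presence only, which makes that overlap easy to miss. A stronger case would configure an allowlist and assert that the finding is still reported when enforcement is off. The expected findings and the rest of the `it` body lie outside the hunk, so this should be confirmed there.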