diff --git a/src/security/audit-summary.test.ts b/src/security/audit-summary.test.ts
index b0497bfc7b0..ce65f6ad3bf 100644
--- a/src/security/audit-summary.test.ts
+++ b/src/security/audit-summary.test.ts
@@ -2,6 +2,19 @@ import { describe, expect, it } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
 import { collectAttackSurfaceSummaryFindings } from "./audit-extra.summary.js";
 
+function requireAttackSurfaceSummary(
+  findings: ReturnType<typeof collectAttackSurfaceSummaryFindings>,
+) {
+  const summary = findings.find((f) => f.checkId === "summary.attack_surface");
+  expect(summary).toEqual(
+    expect.objectContaining({ checkId: "summary.attack_surface", severity: "info" }),
+  );
+  if (!summary) {
+    throw new Error("Expected attack surface summary finding");
+  }
+  return summary;
+}
+
 describe("security audit attack surface summary", () => {
   it("includes an attack surface summary (info)", () => {
     const cfg: OpenClawConfig = {
@@ -12,13 +25,8 @@ describe("security audit attack surface summary", () => {
     };
 
     const findings = collectAttackSurfaceSummaryFindings(cfg);
-    const summary = findings.find((f) => f.checkId === "summary.attack_surface");
+    const summary = requireAttackSurfaceSummary(findings);
 
-    expect(findings).toEqual(
-      expect.arrayContaining([
-        expect.objectContaining({ checkId: "summary.attack_surface", severity: "info" }),
-      ]),
-    );
-    expect(summary?.detail).toContain("trust model: personal assistant");
+    expect(summary.detail).toContain("trust model: personal assistant");
   });
 });