diff --git a/scripts/lib/arg-utils.mjs b/scripts/lib/arg-utils.mjs
index 4dba9095bf0..a539cb93d41 100644
--- a/scripts/lib/arg-utils.mjs
+++ b/scripts/lib/arg-utils.mjs
@@ -20,7 +20,7 @@ export function readFlagValue(args, name) {
   return undefined;
 }
 
-export function consumeStringFlag(argv, index, flag, currentValue) {
+function consumeStringFlag(argv, index, flag, currentValue) {
   if (argv[index] !== flag) {
     return null;
   }
@@ -30,18 +30,7 @@ export function consumeStringFlag(argv, index, flag, currentValue) {
   };
 }
 
-export function consumeStringListFlag(argv, index, flag) {
-  if (argv[index] !== flag) {
-    return null;
-  }
-  const value = argv[index + 1];
-  return {
-    nextIndex: index + 1,
-    value: typeof value === "string" && value.length > 0 ? value : null,
-  };
-}
-
-export function consumeIntFlag(argv, index, flag, currentValue, options = {}) {
+function consumeIntFlag(argv, index, flag, currentValue, options = {}) {
   if (argv[index] !== flag) {
     return null;
   }
@@ -53,7 +42,7 @@ export function consumeIntFlag(argv, index, flag, currentValue, options = {}) {
   };
 }
 
-export function consumeFloatFlag(argv, index, flag, currentValue, options = {}) {
+function consumeFloatFlag(argv, index, flag, currentValue, options = {}) {
   if (argv[index] !== flag) {
     return null;
   }
@@ -84,25 +73,6 @@ export function stringFlag(flag, key) {
   };
 }
 
-export function stringListFlag(flag, key) {
-  return {
-    consume(argv, index) {
-      const option = consumeStringListFlag(argv, index, flag);
-      if (!option) {
-        return null;
-      }
-      return {
-        nextIndex: option.nextIndex,
-        apply(target) {
-          if (option.value) {
-            target[key].push(option.value);
-          }
-        },
-      };
-    },
-  };
-}
-
 function createAssignedValueFlag(consumeOption) {
   return {
     consume(argv, index, args) {
diff --git a/src/agents/auth-profiles/state.ts b/src/agents/auth-profiles/state.ts
index 15cee136588..96210e53ffa 100644
--- a/src/agents/auth-profiles/state.ts
+++ b/src/agents/auth-profiles/state.ts
@@ -70,9 +70,7 @@ export function loadPersistedAuthProfileState(agentDir?: string): AuthProfileSta
   return coerceAuthProfileState(loadJsonFile(resolveAuthStatePath(agentDir)));
 }
 
-export function buildPersistedAuthProfileState(
-  store: AuthProfileState,
-): AuthProfileStateStore | null {
+function buildPersistedAuthProfileState(store: AuthProfileState): AuthProfileStateStore | null {
   const state = coerceAuthProfileState(store);
   if (!state.order && !state.lastGood && !state.usageStats) {
     return null;
diff --git a/src/agents/auth-profiles/usage.ts b/src/agents/auth-profiles/usage.ts
index 5d2a3286538..fc44101f9fc 100644
--- a/src/agents/auth-profiles/usage.ts
+++ b/src/agents/auth-profiles/usage.ts
@@ -150,7 +150,7 @@ function applyWhamCooldownResult(params: {
   };
 }
 
-export async function probeWhamForCooldown(
+async function probeWhamForCooldown(
   store: AuthProfileStore,
   profileId: string,
 ): Promise<WhamCooldownProbeResult | null> {
diff --git a/src/agents/cli-runner/bundle-mcp-adapter-shared.ts b/src/agents/cli-runner/bundle-mcp-adapter-shared.ts
index de2714e9c38..3ff7b53171b 100644
--- a/src/agents/cli-runner/bundle-mcp-adapter-shared.ts
+++ b/src/agents/cli-runner/bundle-mcp-adapter-shared.ts
@@ -4,7 +4,7 @@ export function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 
-export function normalizeStringArray(value: unknown): string[] | undefined {
+function normalizeStringArray(value: unknown): string[] | undefined {
   return Array.isArray(value) && value.every((entry) => typeof entry === "string")
     ? [...value]
     : undefined;
diff --git a/src/agents/cli-runner/helpers.ts b/src/agents/cli-runner/helpers.ts
index 596f4bf9f9a..730cf771277 100644
--- a/src/agents/cli-runner/helpers.ts
+++ b/src/agents/cli-runner/helpers.ts
@@ -227,7 +227,7 @@ function resolveCliImageRoot(params: { backend: CliBackendConfig; workspaceDir:
   return path.join(resolvePreferredOpenClawTmpDir(), "openclaw-cli-images");
 }
 
-export function appendImagePathsToPrompt(prompt: string, paths: string[], prefix = ""): string {
+function appendImagePathsToPrompt(prompt: string, paths: string[], prefix = ""): string {
   if (!paths.length) {
     return prompt;
   }
diff --git a/src/agents/sandbox/validate-sandbox-security.ts b/src/agents/sandbox/validate-sandbox-security.ts
index d854dc45343..35098d42d2c 100644
--- a/src/agents/sandbox/validate-sandbox-security.ts
+++ b/src/agents/sandbox/validate-sandbox-security.ts
@@ -18,8 +18,7 @@ import {
 import { getBlockedNetworkModeReason } from "./network-mode.js";
 
 // Targeted denylist: host paths that should never be exposed inside sandbox containers.
-// Exported for reuse in security audit collectors.
-export const BLOCKED_HOST_PATHS = [
+const BLOCKED_HOST_PATHS = [
   "/etc",
   "/private/etc",
   "/proc",
@@ -92,18 +91,18 @@ function parseBindSpec(bind: string): ParsedBindSpec {
  * Parse the host/source path from a Docker bind mount string.
  * Format: `source:target[:mode]`
  */
-export function parseBindSourcePath(bind: string): string {
+function parseBindSourcePath(bind: string): string {
   return parseBindSpec(bind).source.trim();
 }
 
-export function parseBindTargetPath(bind: string): string {
+function parseBindTargetPath(bind: string): string {
   return parseBindSpec(bind).target.trim();
 }
 
 /**
  * Normalize a POSIX path: resolve `.`, `..`, collapse `//`, strip trailing `/`.
  */
-export function normalizeHostPath(raw: string): string {
+function normalizeHostPath(raw: string): string {
   return normalizeSandboxHostPath(raw);
 }
 
@@ -135,7 +134,7 @@ export function getBlockedBindReason(bind: string): BlockedBindReason | null {
   return null;
 }
 
-export function getBlockedReasonForSourcePath(
+function getBlockedReasonForSourcePath(
   sourceNormalized: string,
   blockedHostPaths: string[],
 ): BlockedBindReason | null {
diff --git a/src/plugins/installed-plugin-index.ts b/src/plugins/installed-plugin-index.ts
index aa76109db79..5a9b9724bce 100644
--- a/src/plugins/installed-plugin-index.ts
+++ b/src/plugins/installed-plugin-index.ts
@@ -133,5 +133,5 @@ export function isInstalledPluginEnabled(
     rootConfig: config,
     enabledByDefault: record.enabledByDefault,
   });
-  return state.enabled && (record.enabled || state.explicitlyEnabled === true);
+  return state.enabled && (record.enabled || state.explicitlyEnabled);
 }