diff --git a/src/agents/sandbox-paths.test.ts b/src/agents/sandbox-paths.test.ts
index 6111980e1..fd6998994 100644
--- a/src/agents/sandbox-paths.test.ts
+++ b/src/agents/sandbox-paths.test.ts
@@ -50,7 +50,7 @@ describe("resolveSandboxedMediaSource", () => {
         media,
         sandboxRoot: sandboxDir,
       });
-      expect(result).toBe(expected);
+      expect(result).toBe(path.resolve(expected));
     });
   });
 
diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts
index 04c459070..93e9d1131 100644
--- a/src/security/audit.test.ts
+++ b/src/security/audit.test.ts
@@ -439,10 +439,14 @@ describe("security audit", () => {
   });
 
   it("warns for risky safeBinTrustedDirs entries", async () => {
+    const riskyGlobalTrustedDirs =
+      process.platform === "win32"
+        ? [String.raw`C:\Users\ci-user\bin`, String.raw`C:\Users\ci-user\.local\bin`]
+        : ["/usr/local/bin", "/tmp/openclaw-safe-bins"];
     const cfg: OpenClawConfig = {
       tools: {
         exec: {
-          safeBinTrustedDirs: ["/usr/local/bin", "/tmp/openclaw-safe-bins"],
+          safeBinTrustedDirs: riskyGlobalTrustedDirs,
         },
       },
       agents: {
@@ -464,8 +468,8 @@ describe("security audit", () => {
       (f) => f.checkId === "tools.exec.safe_bin_trusted_dirs_risky",
     );
     expect(finding?.severity).toBe("warn");
-    expect(finding?.detail).toContain("/usr/local/bin");
-    expect(finding?.detail).toContain("/tmp/openclaw-safe-bins");
+    expect(finding?.detail).toContain(riskyGlobalTrustedDirs[0]);
+    expect(finding?.detail).toContain(riskyGlobalTrustedDirs[1]);
     expect(finding?.detail).toContain("agents.list.ops.tools.exec");
   });