diff --git a/src/commands/daemon-install-helpers.test.ts b/src/commands/daemon-install-helpers.test.ts
index e4dac3042bd..5f36a1e89d6 100644
--- a/src/commands/daemon-install-helpers.test.ts
+++ b/src/commands/daemon-install-helpers.test.ts
@@ -5,6 +5,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { writeStateDirDotEnv } from "../config/test-helpers.js";
 
 const mocks = vi.hoisted(() => ({
+  hasAnyAuthProfileStoreSource: vi.fn(() => true),
   loadAuthProfileStoreForSecretsRuntime: vi.fn(),
   resolvePreferredNodePath: vi.fn(),
   resolveGatewayProgramArguments: vi.fn(),
@@ -14,6 +15,7 @@ const mocks = vi.hoisted(() => ({
 }));
 
 vi.mock("../agents/auth-profiles.js", () => ({
+  hasAnyAuthProfileStoreSource: mocks.hasAnyAuthProfileStoreSource,
   loadAuthProfileStoreForSecretsRuntime: mocks.loadAuthProfileStoreForSecretsRuntime,
 }));
 
@@ -281,6 +283,24 @@ describe("buildGatewayInstallPlan", () => {
     expect(plan.environment.OPENCLAW_PORT).toBe("3000");
   });
 
+  it("skips auth-profile store load when no auth-profile source exists", async () => {
+    mockNodeGatewayPlanFixture({
+      serviceEnvironment: {
+        OPENCLAW_PORT: "3000",
+      },
+    });
+    mocks.hasAnyAuthProfileStoreSource.mockReturnValue(false);
+
+    const plan = await buildGatewayInstallPlan({
+      env: {},
+      port: 3000,
+      runtime: "node",
+    });
+
+    expect(mocks.loadAuthProfileStoreForSecretsRuntime).not.toHaveBeenCalled();
+    expect(plan.environment.OPENCLAW_PORT).toBe("3000");
+  });
+
   it("merges env-backed auth-profile refs into the service environment", async () => {
     mockNodeGatewayPlanFixture({
       serviceEnvironment: {
diff --git a/src/commands/daemon-install-helpers.ts b/src/commands/daemon-install-helpers.ts
index 01a4a8bb4dc..7583ef136f1 100644
--- a/src/commands/daemon-install-helpers.ts
+++ b/src/commands/daemon-install-helpers.ts
@@ -1,6 +1,7 @@
 import os from "node:os";
 import path from "node:path";
 import {
+  hasAnyAuthProfileStoreSource,
   loadAuthProfileStoreForSecretsRuntime,
   type AuthProfileStore,
 } from "../agents/auth-profiles.js";
@@ -38,7 +39,13 @@ function collectAuthProfileServiceEnvVars(params: {
   authStore?: AuthProfileStore;
   warn?: DaemonInstallWarnFn;
 }): Record<string, string> {
-  const authStore = params.authStore ?? loadAuthProfileStoreForSecretsRuntime();
+  const authStore =
+    params.authStore ??
+    // Keep the daemon install cold path cheap when there is no auth store to read.
+    (hasAnyAuthProfileStoreSource() ? loadAuthProfileStoreForSecretsRuntime() : undefined);
+  if (!authStore) {
+    return {};
+  }
   const entries: Record<string, string> = {};
 
   for (const credential of Object.values(authStore.profiles)) {