ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-pack-n-go

v2.3.2

Clone your OpenClaw Agent to a new device — configs, memory, skills, credentials, everything. Triggers: '帮我迁移', '搬到新设备', 'migrate device', 'device move', '设备...

0· 310·3 current·3 all-time
by@aicodelion
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise a full agent clone and the scripts explicitly pack ~/.openclaw, ~/.claude, ~/.ssh (private keys), crontab, /etc/hosts, and other runtime/config files then transfer and deploy them on the target host — this matches expectations for a "clone everything" tool.
Instruction Scope
The SKILL.md and scripts instruct the agent to read and archive many sensitive local files (private SSH keys, API credentials, memory DBs), to stop the old agent service, to copy files to the remote host via scp/rsync, and to run setup/deploy via SSH. These actions are within the stated migration scope but are high-impact operations; the instructions do warn users and require an explicit manual ssh-copy-id step.
Install Mechanism
No install spec is declared (instruction-only), but the package contains multiple shell scripts that will be executed. The scripts perform npm installs (openclaw, claude-code, mcporter) from public registries during deploy/setup. There are no obscure download URLs or archive extracts from unknown personal hosts in the provided files.
Credentials
The skill requests no environment variables or external credentials up front, which is proportional. However it intentionally collects and packages existing local secrets (SSH private keys, API keys, OAuth/Claude credentials, memory DBs). That is expected for a full-clone tool but is highly sensitive — the user must consent and verify the destination.
Persistence & Privilege
The skill is not always:true and does not request platform-wide persistent privileges. It runs scripts in the agent's context and may use sudo on the remote when required; it does not modify other skills' configs or force-enable itself.
Assessment
This skill does what it says: it packages and transfers EVERYTHING needed to run your agent (configs, keys, memory DBs, cron jobs, /etc/hosts entries), then runs remote setup and deployment. That is powerful but also high-risk if misused. Before installing or running: 1) Only use this for devices you fully control and trust. 2) Inspect ~/openclaw-migration-pack.tar.gz contents (or the tmp folder created by pack.sh) before transfer to confirm nothing unexpected is included. 3) Prefer using ssh-copy-id (the skill already asks you to run it) rather than transferring private keys when possible; if private keys are transferred, securely delete them on transit completion. 4) Be prepared to revoke/rotate any API keys or bot tokens if you lose confidence in the destination. 5) Note the scripts perform npm installs and will ask for sudo on the remote for things like /etc/hosts and proxy setup—review the scripts (setup.sh/deploy.sh) line-by-line if you need higher assurance. 6) If you want lower risk, consider selective backup (exclude ~/.ssh or credential files) or manual migration steps instead of a full automatic clone.

Like a lobster shell, security has layers — review code before you run it.

latestvk9703386vgx8fxdqche39zxd3h82dxr0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments