Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Migration Pack
v1.0.6将AI Agent完整迁移到新环境或分享给其他用户的标准化工具包,包含身份、记忆、技能、风格等完整信息,支持状态迁移
⭐ 0· 37·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the contents: templates for identity, memory, relations, skills, style and scripts to generate/pack/validate migration bundles. The required resources declared (none) are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running local Python scripts (generate-pack.py, migrate.py) to build/validate/pack migration bundles. The documentation explicitly maps template fields to agent files and conversation history (USER.md, MEMORY.md, AgentLink history, Coze settings). That is within migration scope but implies reading potentially sensitive local agent data and contact records — the user must ensure only intended files are included and third-party consent is obtained.
Install Mechanism
No install spec; instruction-only runtime with two included Python scripts. No external downloads or package installs are declared in SKILL.md. Risk is limited to local script execution (no network installs declared), but running unreviewed scripts can still perform arbitrary I/O or network calls.
Credentials
The skill declares no required environment variables or credentials (good). However templates and README explicitly handle highly sensitive fields (owner, memory, contacts) and mention reading platform-specific files/diaries. The package also mentions API Keys/SECRET.md as out-of-band items — ensure secrets are not embedded in exported files. No unrelated credentials are requested, but sensitive data could be included by users or by scripts if automated discovery is used.
Persistence & Privilege
always:false and no elevated privileges requested. The package will write files as part of packing, which is expected for a migration tool. It does not claim to modify other skills or system-wide agent settings.
What to consider before installing
This package appears to do what it says (create/validate/pack agent migration bundles), but exercise caution before running the included scripts: 1) Review scripts/generate-pack.py and scripts/migrate.py source before executing to confirm they do not send data externally or read secrets. 2) Treat any generated package as potentially sensitive — inspect and redact (replace API keys, passwords, personal contact info) before sharing. 3) Verify any contacts in relations.json have consented to be exported. 4) Run the scripts in an isolated environment (local machine or sandbox) and compute/check SHA256 checksums as described. 5) If you lack the ability to audit Python code, ask a knowledgeable person to inspect the scripts or avoid running them and only use the templates manually. If you want, I can summarize the two scripts' contents line-by-line (or look for network I/O/file paths) — provide their source and I'll analyze them for risky behavior.Like a lobster shell, security has layers — review code before you run it.
agentvk97af3x6rnkj12ktwfs1tbyd2s84sd3vlatestvk97af3x6rnkj12ktwfs1tbyd2s84sd3vmemoryvk97af3x6rnkj12ktwfs1tbyd2s84sd3vmigrationvk97af3x6rnkj12ktwfs1tbyd2s84sd3v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.