machine-config-migrator

Type: OpenClaw Skill Name: machine-config-migrator Version: 1.0.0 The skill provides a utility for migrating workstation configurations but involves high-risk behaviors such as shell command execution and sensitive file access. Specifically, 'apply_config_bundle.py' uses 'subprocess.run(shell=True)' to automate plugin installations for tmux, vim, and zsh, which presents a potential injection surface if the bundle manifest is tampered with. Additionally, 'collect_config_bundle.py' reads and packages sensitive files like '.ssh/config' and '.gitconfig'. While the scripts include safety measures—such as excluding private SSH keys, implementing path traversal checks in 'safe_extract_tar', and using a whitelist for Zsh plugins—the inherent capabilities for shell execution and sensitive data handling align with the 'suspicious' classification under the provided criteria.