clawd-migrate
Warn
Audited by ClawScan on May 10, 2026.
Overview
The tool matches its migration purpose, but it can install and run OpenClaw globally and overwrite/copy sensitive bot credentials and memory, so it deserves review before use.
Use this only on a copy or well-backed-up source directory, preferably with an empty output directory. Review migrated credentials, backups, and memory files, and do not allow the OpenClaw global install/onboard step unless you are comfortable modifying your system-wide npm environment.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the migration may change the system-wide Node/npm environment and run OpenClaw setup in the migrated workspace.
The documented migration flow can automatically install a global package and run another command after copying files, which is a high-impact local execution step rather than just file migration.
After verification, openclaw is automatically reinstalled (`npm i -g openclaw`) and `openclaw onboard` runs in the migration output directory.
Require an explicit user confirmation immediately before installation/onboarding, make the non-install path the default, and document how to skip or roll back the setup.
The installed OpenClaw code could differ over time or come from an unexpected npm package/version, affecting the user's whole machine environment.
The setup installs the latest globally resolved `openclaw` package without a version pin or source verification, and it is executed through the shell.
subprocess.run(
    "npm install -g openclaw",
    capture_output=True,
    text=True,
    timeout=120,
    shell=True,
)
Pin the OpenClaw version, show the package source/version before installing, avoid shell=True where possible, and let users run the install manually if they prefer.
Existing OpenClaw memory or credential files in the output directory could be replaced, and the backup may not restore pre-existing target files.
The migration copies credential/config files into the target path using copy2, which overwrites existing destination files; the shown code does not check for existing target files or back them up first.
dest = clawdbook_dir / src_path.name
try:
    shutil.copy2(src_path, dest)
Warn before overwriting, back up the destination OpenClaw layout as well as the source, or require users to choose an empty output directory.
Credentials and API keys may be duplicated into the target OpenClaw config and backup folders.
The skill explicitly migrates local credential and API-key files. This is purpose-aligned, but it is sensitive account material.
**Clawdbook/Moltbook:** Kept under `.config/clawdbook/` (credentials, API keys)
Run it only on directories you intend to migrate, keep backups private, and rotate or remove credentials if the backup/output is shared.
Old or untrusted agent instructions could continue influencing future OpenClaw behavior after migration.
The migration intentionally carries old bot identity, tool notes, agents, and memory files into OpenClaw's persistent memory area.
SOURCE_MEMORY_FILES = [
    "SOUL.md",
    "USER.md",
    "TOOLS.md",
    "IDENTITY.md",
    "AGENTS.md",
    "MEMORY.md",
]
Review migrated memory and agent-instruction files before using the new OpenClaw workspace.
