Skill v0.2.1

ClawScan security

clawd-migrate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 13, 2026, 7:00 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package is internally consistent with a local migration tool: it discovers and copies local bot files (including credential files) into an openclaw layout and optionally runs npm to install/openclaw; there is no evidence of external data exfiltration, unexpected credential requests, or hidden endpoints.
Guidance
This package appears to be what it claims: a local migration tool that copies memory and config files (including credential files) into an openclaw layout and verifies the copies. Before using it:
1) Expect backups and migrated folders to contain credential files and API keys — treat those backups as sensitive.
2) The tool may run 'npm install -g openclaw' and 'openclaw onboard' (network activity and global install); if you don't want that, use the CLI option to skip setup or run migration without the automatic setup, or run the tool offline and perform installation manually after inspection.
3) If running via npx, you will fetch the published npm package — review the published package/source or run from a local clone if you prefer.
4) Run in a controlled/test directory first to confirm behavior.
If you want additional assurance, ask the maintainer for a signed release or audit the installed openclaw package before allowing global install.

Review Dimensions

Purpose & Capability
ok · Name/description (migration to openclaw) matches the code and docs. Required languages/tools (Python, Node/npm) are exactly what the package uses. No unrelated credentials or binaries are requested.
Instruction Scope
note · SKILL.md and code instruct the agent to discover, back up, copy, and verify local files — including credential files under .config/moltbook or .config/moltbot — which is appropriate for a migration tool. One notable scope decision: by default (the documentation indicates automatic behavior) the tool runs 'npm install -g openclaw' and 'openclaw onboard' as a post-migration step; this modifies the host system and reaches out to the npm registry. That behaviour is coherent with 'set up the target app' but is a side effect users should expect and control.
Install Mechanism
ok · No install spec in the registry entry, but the repo contains typical npm wrapper files and a node bin script that invokes the Python package. There are no downloads from unknown URLs, no URL shorteners, and no extraction of remote archives. The prepublish script copies Python sources into lib/ for packaging — standard for an npm-wrapped Python tool.
Credentials
note · The skill requests no environment variables and does not read arbitrary env vars. It does, however, enumerate and copy local credential files (credentials.json under .config/moltbook or .config/moltbot) into the new layout and into backups — which is necessary for migration but sensitive. Users should be aware that backups and migrated folders will contain their credentials/API keys.
Persistence & Privilege
ok · The skill does not request always:true or other elevated platform privileges. It can run commands (subprocess) to perform npm installs and run openclaw; that is expected for its purpose but carries the usual risk of performing global package installs on the host.