ClawHub

Openclaw Migrate

Security checks across malware telemetry and agentic risk

Overview

This migration skill mostly does what it claims, but it copies credentials and scheduled jobs to another host with broad, under-scoped control and unsafe shell command construction.

Install only if you intentionally want this skill to control SSH migration between trusted hosts. Before running it, review and limit the tokens, OpenClaw memory, and cron jobs you are willing to copy, use only trusted host/user/key values, and be prepared to clean up remote shell profiles and crontab entries afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly states that environment variables such as HA_TOKEN, GITHUB_TOKEN, API keys, and cron jobs will be synchronized to another host, but it does not warn users that this transfers sensitive secrets and system-level scheduled tasks. In a migration tool, that omission is dangerous because users may unknowingly copy credentials to an untrusted or misconfigured host, increasing the risk of credential exposure, privilege misuse, or persistence through migrated cron entries.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states that tokens and environment variables such as HA_TOKEN, GITHUB_TOKEN, BRAVE_API_KEY, and GOOGLE_API_KEY will be migrated, but it does not prominently warn users that highly sensitive secrets are being copied to another host. This is dangerous because a user may run the migration assuming it is routine file sync, while actually transferring credentials to a remote system that may be less trusted, misconfigured, or compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The migration flow includes syncing cron jobs and starting the gateway on the new host, but the documentation does not clearly emphasize that these are system-level changes that can create persistence, duplicate scheduled tasks, or activate services on another machine. In context, this makes the skill more dangerous because it performs operational changes beyond simple file transfer, and users may not realize they are enabling active processes remotely.

Missing User Warnings

High
Confidence
97% confidence
Finding
The tool automatically collects sensitive local secrets such as HA_TOKEN, GITHUB_TOKEN, and API keys, then writes them into remote shell profiles without a dedicated warning or consent step at the moment of transfer. In this migration context, that can expose credentials to an unintended host, persist them in plaintext on disk, and broaden compromise if the remote machine or account is less trusted.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tool copies the local user's entire crontab to the remote host without a separate warning or review step before replacing remote scheduled tasks. This can unintentionally establish persistence, run host-specific commands on the wrong system, or overwrite an existing remote crontab in a way that creates security and operational risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal