Openclaw Migrate
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill has a coherent migration purpose, but it can copy secrets and cron jobs to another host and uses unsafe shell-command construction.
Use this only if you trust both the skill source and the SSH target. Run it manually, review destination paths, back up the target crontab first, avoid using a root SSH account, choose which tokens to migrate, and verify or pin any remote npm installation before starting the migrated gateway.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious host, username, key path, file path, environment value, or cron line could cause unintended local or remote shell commands to run during migration.
SSH commands are assembled as shell strings using setup-provided host/user/key and command content, then executed with child_process.exec. Similar string execution is used for SCP, env sync, and cron sync.
const sshCmd = `ssh ${options.key ? `-i ${options.key}` : ''} ${user}@${host} "${cmd}"`; ... exec(sshCmd, ...)
Use spawn/execFile with argument arrays or a dedicated SSH library, strictly validate host/user/key inputs, escape remote commands safely, and require explicit confirmation before high-impact actions.
The migration may write to unexpected absolute paths on the remote host or fail in confusing ways; if run as a privileged SSH user, it could modify protected locations.
For files under the user's home directory, replacing HOME with an empty string can turn `~/.openclaw/file` into a remote path like `/.openclaw/file`, which does not match the documented destination of `~/.openclaw/`.
remote: fullPath.replace(process.env.HOME || '/home/crix', '')
Map local home-relative paths explicitly to the remote user's home directory, preview all destination paths, and avoid running this migration as root.
Tokens copied to the target host may grant access to GitHub, Google, Home Assistant, Brave Search, or other services if that host or user account is compromised.
The skill intentionally reads and transfers provider tokens and API keys to the remote host, but the registry metadata declares no env vars or primary credential.
const ENV_VARS_TO_SYNC = [ 'HA_URL', 'HA_TOKEN', 'GITHUB_TOKEN', 'BRAVE_API_KEY', 'GOOGLE_API_KEY', 'GOOGLE_SERVICE_ACCOUNT' ];
Declare sensitive credential handling in metadata, let users choose exactly which secrets to migrate, store them with appropriate permissions, and recommend rotating tokens after migration if exposure is possible.
Existing scheduled jobs on the target host could be overwritten, and local automations may begin running on the new host unexpectedly.
The cron sync path pipes the local crontab into `crontab -` on the remote host, which replaces the remote user's crontab rather than clearly merging or backing it up.
const cmd = `ssh ${user}@${host} ... | crontab -`;
Back up the remote crontab, show a diff, merge only OpenClaw-related entries by default, and require confirmation before replacing scheduled jobs.
The remote host will run whatever package version npm resolves at migration time.
The skill can install OpenClaw from npm on the remote host without pinning a version; the code prompts first, so this is purpose-aligned but supply-chain sensitive.
const installCmd = 'npm install -g openclaw';
Pin the expected OpenClaw package version or checksum, and have users verify the package source before allowing remote installation.
Private memory, saved context, or untrusted skill state may be copied to the target host and reused after migration.
The skill migrates persistent OpenClaw memory and skills, which is expected for this purpose but can carry sensitive context or prior instructions into a new environment.
| `~/.openclaw/` | `~/.openclaw/` (skills, memory, config) |
Review the OpenClaw workspace before migration, exclude stale or sensitive memory if needed, and verify migrated skills before starting the gateway.
