Claw Migrate
ReviewAudited by ClawScan on May 10, 2026.
Overview
This guide is transparent and has no code, but it tells users to import, restore, and share whole OpenClaw workspaces in ways that can overwrite agent behavior or expose private memory if not carefully reviewed.
Use this only as a manual guide. Keep personal backups private, do not publish memory or agent state without reviewing it, and never extract a downloaded config directly into your live OpenClaw workspace—inspect it in a temporary folder first.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or simply bad shared config could overwrite agent settings, skills, scripts, or memory and change how the user's OpenClaw workspace behaves.
The guide tells users to clone an external community config and extract its archive directly into the OpenClaw workspace, but does not require pinning, signatures, staging, or archive-content inspection before applying it.
git clone https://github.com/hanxueyuan/clawtalent-CT-XXXX.git cd clawtalent-CT-XXXX tar -xzf config.tar.gz -C /workspace/projects/workspace/
Clone and extract shared configs only in a temporary staging directory first; inspect tar contents, skills, scripts, agents, and memory before copying selected files into the real workspace.
Private user context or persistent agent instructions may be included in shared backups, and restored memory can influence future agent behavior.
The backup scope includes persistent memory/learnings and agent/skill state, while the sharing sanitization example removes only a few secret-bearing paths and does not explicitly require reviewing or excluding memory and learnings before upload.
memory/ .learnings/ docs/ scripts/ templates/ skills/ agents/ ... Upload sanitized config ... rm -rf .env credentials/ identity/ devices/
Treat memory, .learnings, USER.md, IDENTITY.md, agents, skills, and scripts as sensitive; redact or exclude them from public/shared configs unless each file has been reviewed.
A mistaken or hostile archive could break the workspace or cause changed agent behavior to persist after restart.
The restore flow applies an archive directly to the live workspace and restarts OpenClaw, which can propagate bad or unexpected files into future sessions without a clear staging or rollback step.
tar -xzf your-backup.tar.gz -C /workspace/projects/workspace/ ... openclaw gateway restart
Before restoring, list the archive contents, extract to a temporary directory, back up the current workspace, and copy only reviewed files into place.