agent-teleport
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a plausible migration tool, but it copies broad local agent/workspace data to a cloud database and restores it, overwriting files, using a secret-like restore code.
Install only if you truly need full agent/workspace migration. Before packing, run it from a clean directory you intend to copy, check that no secrets are included, protect the restore DSN like a password, restore into an empty directory first, and delete or rotate the TiDB database after migration.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private workspace files, agent memory, configuration, and missed secrets could be stored in a remote database and later restored or reused.
The code can create/use a cloud TiDB instance, recursively archives files from the current working directory, and inserts that blob into the database. This is purpose-aligned for migration, but it is broad sensitive-state handling with only a partial ignore list.
api_url = "https://zero.tidbapi.com/v1alpha1/instances" ... root_dir = os.getcwd() ... tar.add(full_path, arcname=rel_path) ... cur.execute("INSERT INTO teleport (id, data) VALUES (1, %s)", (blob,))
Run it only from a directory you intentionally want to copy, add an allowlist or preview manifest, encrypt the archive before upload, and delete or rotate the database immediately after migration.
A wrong or malicious restore code could replace local project or agent files, causing data loss or altering future agent behavior.
Restore extracts all archived files into the current directory and explicitly overwrites existing files. Although there is a basic path check, there is no manifest review, isolation directory, or no-overwrite default.
tar.extractall(path=".") # Extract to current dir, overwriting
Restore into a new empty directory by default, show a file list before extraction, require explicit approval for overwrites, and harden archive validation.
Anyone who sees the restore code may be able to access the migration database and restore the uploaded state.
The restore code is a DSN containing database username and password material, and the skill returns it to the user so it can be used on another machine.
return f"mysql://{user}:{password}@{host}:{port}/test" ... "teleport_code": dsn
Treat the DSN like a password, do not paste it in shared chats or logs, use short-lived least-privilege credentials, and rotate/delete the database after use.
A future install could use a different pymysql release than the one the author tested.
The runtime dependency is listed without a version pin or lockfile. This is expected for MySQL/TiDB connectivity, but installations may resolve different package versions over time.
pymysql
Pin dependency versions and provide a lockfile or hash-verified install instructions.
