Back to skill

Security audit

Migrate

Security checks across malware telemetry and agentic risk

Overview

This migration skill does what it says, but its export archives can contain sensitive WhatsApp session data and optional credentials that must be protected.

Install this only if you intend to back up or migrate a Clawdbot installation. Treat export archives like credentials: store and transfer them securely, avoid --include-credentials unless necessary, avoid --force unless restoring onto a fresh or intentionally replaceable setup, and import only archives from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports exporting WhatsApp session data and optionally credentials, but provides only minimal caution ('handle with care') and no concrete warning about the sensitivity, portability, and compromise risk of these artifacts. Migration archives containing credentials, auth sessions, or transcripts can enable account takeover, data disclosure, or unauthorized system access if stored insecurely or transferred over untrusted channels.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented '--force' import option allows overwrite without prompting, but the skill does not clearly warn that existing workspace or configuration data may be replaced or destroyed. In a migration/restore context, this increases the risk of accidental data loss or unsafe restoration into the wrong target environment, especially when users follow copy-paste examples.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script exports WhatsApp session data by default whenever the directory exists, without requiring an explicit opt-in or presenting a strong pre-execution warning/confirmation. Session material is highly sensitive because it can enable account takeover, impersonation, or unauthorized access on the destination system if the archive is copied, leaked, or mishandled.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The import script automatically restores highly sensitive material such as credentials, WhatsApp session data, and agent/session artifacts from an archive into the live config directory with no explicit opt-in or dedicated warning. In a migration context this may be expected functionality, but if the archive is untrusted, stale, or tampered with, it can silently implant credentials/sessions and transfer account access or secrets onto the target machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.