Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Memory Transfer

v1.0.1

Zero-friction memory migration from other AI assistants (ChatGPT, Claude.ai, Gemini, Copilot, Perplexity, Cursor, Windsurf, etc.) into OpenClaw. Triggers: "m...

by MyClaw.ai (@myclaw-ai)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill's goal (migrating memories from other assistants) matches the included parser for ChatGPT export and prompt-guided flows. However, the SKILL.md instructs running a Node script (node scripts/parse-chatgpt-export.js) but the package metadata declares no required binaries — a mismatch. The skill also claims to auto-scan local agents (Claude Code, Cursor, Windsurf) which explains some local file access, but this capability justifies access only to specific app-memory files; the instructions nevertheless read broad paths which is privacy-sensitive.
Instruction Scope (flagged)
Runtime instructions explicitly tell the agent to: (a) ask the user to upload/paste entire ChatGPT/other-AI exports, (b) run a bundled Node parser that extracts conversation content using unzip/find/rm shell commands, and (c) for local agents, run shell commands that cat and find files under ~/.claude, ~/.cursor, and project directories. These actions can expose large amounts of personal/sensitive data. The SKILL.md's 'never migrate API keys/tokens' promise is a policy statement only — there is no enforcement or automated redaction beyond some limited user.json handling in the parser.
Install Mechanism
There is no install spec (instruction-only), which limits automatic disk writes. The repo includes a Node.js parser (scripts/parse-chatgpt-export.js) and package.json with a bin entry, so a Node runtime is required to run the parser; this requirement is not declared in the skill metadata. No external downloads or remote install URLs are used.
Credentials (flagged)
The skill requests no credentials in metadata, which is appropriate. But its instructions ask to upload/paste complete exports and to auto-scan local config/memory files — both can surface secrets, tokens, or other sensitive data even if the author says they won't migrate API keys. The parser only skips some auth fields (user.json) and does not appear to comprehensively scrub exported content. Asking users to paste full structured responses from other AIs also risks transferring sensitive content.
Persistence & Privilege (flagged)
The skill is not marked always:true and does not request persistent elevated privileges. However, the default ability for the agent to invoke the skill autonomously combined with instructions that scan local files increases blast radius: an autonomously invoked agent using this skill could read local memory/config files. That combination (autonomy + broad local scanning instructions) is a notable risk and should be considered before enabling.
What to consider before installing
This skill appears to do what it says (import memories) but has several red flags you should consider before installing:

- The SKILL.md instructs running a Node script (node scripts/parse-chatgpt-export.js) and shell commands (unzip, find, cat, rm) but the skill metadata does not declare Node as a required binary. Clarify that requirement and only run the script in a controlled environment.
- The skill's local-auto-scan steps read files under ~/.claude, ~/.cursor and project directories. If you enable those flows, the agent will see potentially sensitive files (credentials, private notes). Only allow scanning if you trust the skill and run it on a machine/environment you control.
- The prompt-guided and ZIP-based flows ask you to paste or upload whole exports; these exports can contain sensitive data. Do not paste API keys, passwords, or other secrets. Inspect the exported content yourself first and redact anything sensitive.
- The included parser uses shell calls (unzip, find, rm -rf via execSync). If you run it locally, run it in an isolated environment (container or VM) and review the script source. Consider running it on a copy of the ZIP rather than the original.

If you want to proceed: (1) verify Node is available, (2) review scripts/parse-chatgpt-export.js line-by-line, (3) do migrations on sanitized/export copies, and (4) avoid enabling automatic local scans unless you understand exactly which paths will be read. If anything is unclear, ask the author to clarify how they detect and redact secrets and why Node isn't listed among required binaries.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

scripts/parse-chatgpt-export.js:46 - Shell command execution detected (child_process).
