Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Migration Pro

v1.1.1

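Professional edition of the OpenClaw environment migration tool. Identifies the relationships between Skills and the data they maintain, and migrates everything completely to another OpenClaw environment. Pack → transport → put in place, as simple as moving house.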

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's name/description (environment migration) matches the files and CLI examples. However there are contradictory claims across files: most docs and SKILL.md explicitly say API Keys / credentials are excluded from backups, while PROMOTION-v3.md explicitly claims v3 will 'pack credentials' (pack your API Keys). A migration tool should not need wide unrelated access; this conflicting messaging about handling credentials is a substantive mismatch with the stated safe behaviour.
! Instruction Scope
SKILL.md describes analysis/pack/unpack/transfer flows and explicitly shows an option that by default 'automatically sends file to current channel' in examples (though --no-send exists). That automatic-sending behavior is a potential exfiltration vector if enabled by default. SKILL.md also recommends running external install scripts (curl https://openclaw.ai/install.sh | bash) — normal for installing the platform but worth caution. The instructions reference user config paths (e.g., ~/.openclaw/credentials) and copy/rsync operations which are in-scope; the problematic part is the implicit/default 'send to channel' and the inconsistent guidance about packaging credentials.
Install Mechanism
This is instruction-only with no install spec; that keeps risk lower (nothing fetched/installed by the skill itself). There is one small script (scripts/analyze.sh) included — review its contents — but there is no download-from-URL install step embedded in the skill package itself. The SKILL.md does instruct users to run an external OpenClaw installer (curl | bash) when OpenClaw is missing; that is a normal instruction but always increases risk if the source is unverified.
! Credentials
The skill declares no required env vars or credentials (good), yet the documentation repeatedly references user credentials paths (~/.openclaw/credentials) and whether credentials are included/excluded. The marketing PROMOTION-v3 explicitly promotes packing credentials — which would require access to sensitive files — but that behavior is inconsistent with other docs that say credentials are excluded. The skill asking to 'send to current channel' could lead to secrets being transmitted if the package actually collects credentials.
Persistence & Privilege
No privileged flags (always:false). Model invocation is enabled (default) which is normal. The skill does not request system-wide config modifications or persistent elevated privileges in the registry metadata.
What to consider before installing
This skill looks like a legitimate migration tool but the materials conflict about how credentials are handled and show examples that automatically send backup files to the 'current channel'. Before installing or running it:
1) ask the publisher to confirm whether credentials are excluded by default (and prefer the behavior that excludes secrets);
2) inspect scripts/analyze.sh and any pack/unpack code for reads of ~/.openclaw/credentials or network/send operations (grep for "credentials" "send" "channel" "scp" "rsync" "curl" "ssh");
3) prefer running pack with --no-send and in an isolated VM or test account first;
4) if you must transfer backups, use encrypted channels (rsync/SSH) and delete temporary archives after transfer;
5) avoid piping unknown remote install scripts (curl | bash) unless you trust the source and have reviewed it;
6) if PROMOTION-v3 is part of the repo, treat it as marketing — confirm actual default behavior in code.
If the author cannot clearly explain/point to the code that enforces exclusion of credentials, do not use it on any machine holding real API keys or sensitive data.

Like a lobster shell, security has layers — review code before you run it.
