VPS Agent Migration

This skill appears to perform a legitimate agent migration, but it asks you (via its instructions) to handle highly sensitive secrets and to use insecure patterns. Before using it: - Understand the sensitive files involved: ~/.openclaw/openclaw.json contains Discord bot tokens and should be treated as secret. - Avoid sshpass/plaintext passwords: prefer SSH key-based auth (disable password login on the VPS if possible). Passing passwords on the command line exposes them to shell history and process listings. - Do not paste tokens into single-line remote commands if you can avoid it; instead transfer files over an encrypted channel with correct permissions, or edit configs interactively on the VPS. - Back up both local and remote openclaw.json before modifying. Verify file ownership and permissions after copying (restrict to the service user/root). - After migration, rotate any tokens you moved (generate a new Discord bot token) to limit exposure if the transfer was observed. - The skill manifest did not declare that it needs access to config paths or secrets — treat that omission as a red flag and confirm manually what will be read/changed before running any steps. If you’re not comfortable handling tokens and root credentials directly, consider doing the migration interactively (SSH in, run commands with care) or hiring an administrator to perform the steps securely.