ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Knowledge Transfer

v1.0.0

Complete knowledge transfer protocol for transforming process-only agents into proper agents with full identity, skills, memory, and context. Use when creati...

0· 42·1 current·1 all-time
by@stefanferreira
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name and description match the instructions: the skill is explicitly a knowledge-transfer protocol and its steps copy identity, memory, tools, and skills into an agent workspace. Asking to create agent-specific identity/skill files and copy memory is coherent with the stated purpose.
!
Instruction Scope
The SKILL.md instructs the agent/operator to list and copy files from /root/.openclaw/workspace and to copy memory/*.md into a new agent workspace, then to run a Python script from /root/.openclaw/workspace (truncated in the file). Those steps require reading potentially sensitive data (user profiles, memory, history) and executing an unreviewed local script. Running arbitrary workspace scripts and copying entire memory logs are broad actions beyond simple configuration and can leak secrets or run malicious code.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or installed by the skill itself. This minimizes supply-chain install risk, but the runtime instructions still perform file operations on the host filesystem.
!
Credentials
The skill declares no environment variables, but it instructs direct access to host paths under /root/.openclaw and requests changing openclaw.json to include a 'read' tool in the agent's tools.allow list. Granting broad read access to workspace and memory files is a high-privilege request relative to a simple setup step and can expose sensitive user data and secrets present in memory/history files.
!
Persistence & Privilege
always:false (normal), but the guide explicitly tells operators to modify openclaw.json to enable the 'read' tool for the agent. That is effectively a privilege escalation for the agent (file-read capability) and, combined with copying files into /root/.openclaw/agents, creates persistent artifacts and broader long-term access. The instruction to run a workspace Python script further increases privilege/attack surface.
What to consider before installing
This skill is coherent with its goal of transferring agent identity and memory, but it performs sensitive host operations: it reads and copies files from /root/.openclaw (including memory logs), tells you to enable a 'read' tool in openclaw.json, and asks you to run a Python script from the workspace. Before installing or running this skill: 1) Inspect the exact files it will copy (IDENTITY.md, MEMORY.md, memory/*.md) for secrets or personal data; 2) Do not enable broad 'read' permissions unless you trust every file and the agent's behavior; 3) Manually inspect and run any scripts referenced (e.g., the truncated python3 /root/.openclaw/workspace/scri...) in a sandbox before letting the agent execute them; 4) Prefer performing the copy and config-change steps manually or limit them to a minimal, reviewed subset of files; 5) Backup openclaw.json and agent workspaces before changes; and 6) If you lack full visibility into the workspace contents or the referenced scripts, treat this skill as high-risk and avoid granting it file-read privileges or autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f0rbx30dqf1s618nwpy9qhh84krp1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments