Openclaw Migration Pro

Security checks across malware telemetry and agentic risk

Overview

This migration skill has a legitimate purpose, but it can package, transmit, and restore sensitive OpenClaw data with weak warnings and controls.

Install only if you are comfortable with a tool that can read, package, send, and restore your OpenClaw skills, memory, configuration, and cron jobs. Before using it, disable automatic sending unless you explicitly want it, inspect the archive contents, encrypt backups before transfer or cloud storage, and restore only into a backed-up or fresh environment because cron jobs and configuration may be overwritten or reintroduced.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (18)

Description-Behavior Mismatch

Medium

Confidence: 86% confidence
Finding: The design says configuration is fully packed while excluding API keys, but it explicitly includes `openclaw.json` (gateway config), which commonly contains secrets, tokens, endpoints, or other sensitive operational data. This inconsistency can cause operators to believe secrets are excluded when the migration package may still contain them, leading to credential leakage during storage or transport.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The document instructs users to run an unpack/restore command that restores skills, memory, configuration, and cron jobs, but it does not clearly warn that this operation can overwrite or alter an existing target OpenClaw environment. In the context of an environment migration tool, missing overwrite and merge-safety guidance can lead to accidental loss of local configuration, unintended task scheduling, or restoration of stale data into a live environment.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document describes an `unpack` operation that restores skills, memory, configuration, and cron jobs onto a target system, but it does not prominently warn users that this action will modify the destination environment. In a migration tool, such omissions can lead to unintended overwrites, persistence changes, or scheduled task installation by users who do not fully understand the side effects.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The `transfer` section states that backup data will be sent via SSH/rsync to another machine, but it does not clearly warn that local workspace data, memory, configs, and skill contents may be transmitted off-host. Because this skill handles environment migration, the transmitted bundle may contain sensitive operational or personal data even if some secrets are excluded.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation explicitly recommends transferring migration archives to remote hosts and cloud drives, but it does not warn that these archives may contain sensitive user data, credentials, configuration, or other private state. In a migration tool, this omission is security-relevant because users may treat the package as ordinary files and upload or copy it to less-trusted locations without encryption or access controls.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The pack/unpack and recurring backup examples show restore workflows without warning that unpacking may overwrite, merge with, or otherwise modify existing local data. For a migration skill, this is particularly risky because users are likely restoring into real environments, so missing cautions can lead to accidental data loss, state corruption, or rollback of newer content.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The report describes unpack/restore behavior such as direct copy and '归位完成' without warning that existing files in the destination environment may be overwritten or replaced. In a migration skill, restore operations inherently touch persisted state, so omitting explicit warnings and safeguards increases the risk of accidental data loss or unintended rollback of local changes.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The report recommends publishing the feature as ready for users while discussing archive generation and migration of environment data, but it does not warn that produced archives may contain sensitive configuration, memory, or operational data. This can lead users to share, store, or transfer migration bundles insecurely, exposing secrets or private data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The unpack procedure restores files and cron definitions with direct `cp` operations into live OpenClaw directories, which can silently overwrite existing skills, memory, configuration, and scheduled tasks. In a migration tool, this is especially dangerous because users are likely to run it on real environments, so undocumented destructive behavior can cause configuration loss, service disruption, or persistence of unintended cron jobs.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The guide instructs users to copy and transmit a full OpenClaw backup via USB, rsync/SSH, or consumer cloud storage, but does not prominently warn that the package contains personal memory, workspace data, cron definitions, and configuration that may be sensitive. Even though API keys are excluded later, the archive still appears to contain substantial user data, so normalizing casual transfer increases the chance of unintended disclosure.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The promotional copy explicitly encourages users to pack and transfer API keys as part of routine migration, but the warning about sensitivity only appears much later in the document and is framed as an optional trade-off. That normalizes unsafe handling of secrets and increases the likelihood that users will create archives containing credentials without adequate protection, retention limits, or encryption-by-default safeguards.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The usage example shows packaging the environment and transferring it to another machine, while the document elsewhere states that the package includes credentials and memory data. Presenting rsync transfer steps without a direct warning at the point of use can lead users to move sensitive archives insecurely, store them in accessible locations, or leave them behind on disk, exposing API keys and private data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README instructs users to perform backup, restore, sync, and export operations involving sensitive OpenClaw data, cloud targets, and overwrite-prone restore flows without prominent warnings about data exposure, credential handling, or destructive restoration. In a migration tool context, users are likely to run these commands against real personal data, so missing safety guidance materially increases the chance of accidental leakage or loss.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The checklist recommends immediate release despite acknowledging that `transfer` and `unpack` remain untested, even though these features can move large amounts of potentially sensitive data to another machine and automatically install dependencies. In a migration skill, that combination raises meaningful confidentiality and integrity risk because users may trust the release recommendation and trigger unvalidated data-transfer or restore behavior without clear warnings.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The release notes explicitly promote packing and migrating the credentials/ directory and describe API keys as part of the payload, but provide no warning that these files are highly sensitive secrets. In a migration tool, normalizing the transfer of credentials without guidance on encryption, trust boundaries, destination security, or post-migration rotation materially increases the risk of credential leakage and account compromise.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The example rsync/transfer workflow instructs users to copy the migration bundle to another machine while the same document states that the bundle now includes credentials, persona files, memory, and configuration. Showing this as a routine command without any caution about secret exposure, host trust, encryption, or access controls can lead users to transmit highly sensitive material to insecure or unintended destinations.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill documents that packing will automatically send the resulting archive to the current channel, while the archive may contain Memory, workspace configs, cron jobs, and other sensitive user content. Presenting exfiltration as a default convenience feature without a prominent warning or explicit consent creates a real confidentiality risk, especially if the channel is remote, shared, or persisted.

Ssd 3

Medium

Confidence: 98% confidence
Finding: This workflow explicitly states that the default pack behavior includes automatic sending of the packaged environment to the current channel. Because the package includes Memory and workspace configuration, this creates a direct path for off-host data disclosure and could expose notes, project data, task definitions, and local operational metadata to unintended recipients.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal