Securely migrate OpenClaw Agent (config, memory, skills) to a new machine.

This package appears to implement a local, encrypted migration utility and is internally consistent. Before installing or running it: 1) Verify the source — no homepage/repository is listed in the registry metadata, so prefer obtaining it from a trusted repo if possible. 2) Inspect the package.json and source (already included) and prefer running it in a non-privileged account. 3) Use a strong password when exporting archives and keep backups of originals until a successful test restore is completed. 4) If you run npm install to enable the CLI, be aware that npm will fetch third-party dependencies (archiver, tar, fs-extra, commander) — only install if you trust those packages and your network. 5) The test/mock data includes a placeholder API key — ensure you do not accidentally import test data into a production config. Overall: coherent and matches its stated purpose, but exercise the usual caution installing/running code from an unknown publisher.

Type: OpenClaw Skill Name: migrator Version: 1.1.0 The OpenClaw Migrator skill is designed to securely package and restore OpenClaw agent data. It implements strong security measures, including AES-256-GCM encryption with `scrypt` for key derivation (`src/archive.js`, `src/restore.js`), and explicit path traversal protection during archive extraction (`src/restore.js`). The skill's instructions in `SKILL.md` and `README.md` are purely descriptive and do not contain any prompt injection attempts. All file operations are local and aligned with the stated purpose of migrating agent configurations and data, with no evidence of data exfiltration, malicious execution, persistence, or obfuscation.