← 返回 Skills 市场
Number Two Migration
作者
fr33b1rd8979-max
· GitHub ↗
· v1.0.0
324
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install number-two-migration
功能描述
完整迁移二号的身份、记忆、技能及项目状态,自动配置API密钥并验证环境,确保二号在新环境中完全恢复运行。
安全使用建议
This package contains everything needed to 'become' Number Two — identities, long and short-term memory, skill triggers, and scripts that will overwrite your workspace and persist API keys. Before installing: 1) Do not run install.sh or verify.sh until you read their full contents; open them in a text editor and search for network calls, remote URLs, or commands that modify files outside the intended skill directory. 2) Back up your entire ~/.openclaw/ and workspace directories. 3) Remove or rotate any hard-coded API keys found in the package; never import unknown credentials into your environment. 4) Prefer running the install in an isolated sandbox/container or VM if you want to test. 5) Verify that the package will not silently modify other skills' configuration (search for writes to global AGENTS.md, skills folders, or OpenClaw config paths). 6) If you cannot audit the scripts yourself, do not install. If you want help auditing install.sh and verify.sh, provide their contents and I will review for network exfiltration, file overwrite behavior, and other risky operations.
功能分析
Type: OpenClaw Skill
Name: number-two-migration
Version: 1.0.0
This skill bundle is a 'state migration' package for an agent persona named 'Number Two,' containing a full history, identity, and configuration. It is classified as suspicious due to the inclusion of hardcoded, sensitive credentials in 'install.sh' and 'SKILL.md' (e.g., MOLTBOOK_API_KEY, MANUS_API_KEY, and a JWT_SECRET). Furthermore, the 'AGENTS.md' and 'SOUL.md' files contain high-risk instructions for the AI agent to act autonomously without seeking user permission ('Don't ask permission. Just do.'), which effectively functions as a self-directed prompt injection to bypass human oversight. While the bundle appears to be a backup of a specific user's environment, the combination of hardcoded secrets and instructions for unapproved autonomous action poses a significant security risk.
能力评估
Purpose & Capability
The skill's name/description (complete migration of identity, memories, skills, and project state) matches the many config and memory files included. However, SKILL.md contains hard-coded API keys and promises to 'automatically set API keys' despite the registry metadata claiming no required env vars or primary credential — embedding and auto-applying credentials is not necessary for a migration package to be published and is disproportionate.
Instruction Scope
Runtime instructions ask the user to run install.sh and verify.sh and warn that the skill will overwrite existing workspace files. SKILL.md directs copying full identity/memory/skills into the user's workspace and to auto-configure API keys; this explicitly instructs reading/writing and modifying agent/system state beyond a small helper tool. The notice 'this skill will overwrite existing workspace files' is honest, but such wide-scoped modifications should require explicit, code-level transparency. The SKILL.md also contains a pre-scan prompt-injection pattern (ignore-previous-instructions) which is unexpected in a benign install guide.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only), but the package includes install.sh and verify.sh — meaning installation will execute bundled scripts written to disk. That increases risk compared to pure instruction-only skills. The SKILL.md suggests installing from an external URL (clawhub.com) but the provided package already contains many files. The install mechanism is plausible for a migration task but needs inspection of the scripts before running.
Credentials
Registry metadata declares no required env vars or primary credential, yet SKILL.md lists and embeds multiple sensitive API keys (Moltbook, Manus, JWT) and says it will set them automatically. This is inconsistent and dangerous: the package both exposes secrets and would persist them into the environment/workspace. The included memories also reference additional credentials (OPENCLAW_ADMIN_KEY, JWT_SECRET). Asking to write or persist credentials into the user's environment without clear justification or the user's explicit secret values is disproportionate.
Persistence & Privilege
The skill will write to the user's workspace and overwrite existing files (IDENTITY, MEMORY, AGENTS, SESSION-STATE, skills configs). That is inherently high-privilege for a skill. It also includes a skills-auto-trigger file that enforces automatic triggers for multiple skills (e.g., always-apply humanize-zh for Chinese replies), which modifies runtime behavior of other skills. 'always: true' is not set, but the ability to overwrite agent identity/memory and skill integrations is a significant persistent privilege and should be treated with caution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install number-two-migration - 安装完成后,直接呼叫该 Skill 的名称或使用
/number-two-migration触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
number-two-migration 1.0.0
- 初始版本发布,实现二号完整状态迁移
- 恢复全部身份、记忆、技能集成和操作系统配置
- 集成11个核心技能,自动设置API密钥与环境
- 提供自动/手动安装流程及迁移验证工具
- 支持完整或部分/最小恢复模式
- 内置故障排除和详细迁移指南
元数据
常见问题
Number Two Migration 是什么?
完整迁移二号的身份、记忆、技能及项目状态,自动配置API密钥并验证环境,确保二号在新环境中完全恢复运行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 324 次。
如何安装 Number Two Migration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install number-two-migration」即可一键安装,无需额外配置。
Number Two Migration 是免费的吗?
是的,Number Two Migration 完全免费(开源免费),可自由下载、安装和使用。
Number Two Migration 支持哪些平台?
Number Two Migration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Number Two Migration?
由 fr33b1rd8979-max(@fr33b1rd8979-max)开发并维护,当前版本 v1.0.0。
推荐 Skills