← 返回 Skills 市场
148
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-migration-pro
功能描述
OpenClaw 环境迁移工具专业版。识别 Skills 与其维护数据的关联关系, 完整迁移到另一个 OpenClaw 环境。 打包 → 运输 → 归位,像搬家一样简单。
安全使用建议
This skill looks like a legitimate migration tool but the materials conflict about how credentials are handled and show examples that automatically send backup files to the 'current channel'. Before installing or running it: 1) ask the publisher to confirm whether credentials are excluded by default (and prefer the behavior that excludes secrets); 2) inspect scripts/analyze.sh and any pack/unpack code for reads of ~/.openclaw/credentials or network/send operations (grep for "credentials" "send" "channel" "scp" "rsync" "curl" "ssh"); 3) prefer running pack with --no-send and in an isolated VM or test account first; 4) if you must transfer backups, use encrypted channels (rsync/SSH) and delete temporary archives after transfer; 5) avoid piping unknown remote install scripts (curl | bash) unless you trust the source and have reviewed it; 6) if PROMOTION-v3 is part of the repo, treat it as marketing — confirm actual default behavior in code. If the author cannot clearly explain/point to the code that enforces exclusion of credentials, do not use it on any machine holding real API keys or sensitive data.
功能分析
Type: OpenClaw Skill
Name: openclaw-migration-pro
Version: 1.1.1
The openclaw-migration-pro bundle describes a tool for migrating OpenClaw environments, including sensitive data like API keys (credentials/), memory files, and configurations. While the documentation (e.g., RELEASE-NOTES-v3.md and PROMOTION-v3.md) explicitly frames the inclusion of credentials as a feature for seamless migration, this capability presents a high risk for data exfiltration and exposure. The tool utilizes high-risk operations such as remote data transfer via rsync and software installation via 'curl | bash' (SKILL.md). Although the intent appears to be a legitimate utility and no hardcoded malicious endpoints were identified, the broad access to secrets and the built-in mechanisms for external data movement warrant a suspicious classification.
能力评估
Purpose & Capability
The skill's name/description (environment migration) matches the files and CLI examples. However there are contradictory claims across files: most docs and SKILL.md explicitly say API Keys / credentials are excluded from backups, while PROMOTION-v3.md explicitly claims v3 will 'pack credentials' (pack your API Keys). A migration tool should not need wide unrelated access; this conflicting messaging about handling credentials is a substantive mismatch with the stated safe behaviour.
Instruction Scope
SKILL.md describes analysis/pack/unpack/transfer flows and explicitly shows an option that by default 'automatically sends file to current channel' in examples (though --no-send exists). That automatic-sending behavior is a potential exfiltration vector if enabled by default. SKILL.md also recommends running external install scripts (curl https://openclaw.ai/install.sh | bash) — normal for installing the platform but worth caution. The instructions reference user config paths (e.g., ~/.openclaw/credentials) and copy/rsync operations which are in-scope; the problematic part is the implicit/default 'send to channel' and the inconsistent guidance about packaging credentials.
Install Mechanism
This is instruction-only with no install spec; that keeps risk lower (nothing fetched/installed by the skill itself). There is one small script (scripts/analyze.sh) included — review its contents — but there is no download-from-URL install step embedded in the skill package itself. The SKILL.md does instruct users to run an external OpenClaw installer (curl | bash) when OpenClaw is missing; that is a normal instruction but always increases risk if the source is unverified.
Credentials
The skill declares no required env vars or credentials (good), yet the documentation repeatedly references user credentials paths (~/.openclaw/credentials) and whether credentials are included/excluded. The marketing PROMOTION-v3 explicitly promotes packing credentials — which would require access to sensitive files — but that behavior is inconsistent with other docs that say credentials are excluded. The skill asking to 'send to current channel' could lead to secrets being transmitted if the package actually collects credentials.
Persistence & Privilege
No privileged flags (always:false). Model invocation is enabled (default) which is normal. The skill does not request system-wide config modifications or persistent elevated privileges in the registry metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-migration-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-migration-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
- 增加打包格式选择(zip、tar.gz),默认 zip,兼容多平台
- 支持自动发送打包文件到当前频道,并可通过 --no-send 关闭
- 新增版本化打包(--versioned),带时间戳
- 补充压缩相关文档:新增 COMPRESSION-COMPARISON.md 和 COMPRESSION-COMPLETE-REPORT.md
- 更新文档,详细说明压缩选项和自动发送流程
v1.1.0
Add compression support: tar.gz (default), zip, and directory format. Compression reduces backup size by ~60% (223MB → 86MB). Added unpack support for compressed files. Improved user experience for file transfer and cloud storage sharing.
v1.0.1
Fix documentation: Updated all command references from 'openclaw-migrate' to 'openclaw-migration-pro'. Added --version flag. Improved help output.
v1.0.0
Professional OpenClaw migration tool with pack/unpack/transfer workflow. Complete rewrite with better exclusion strategy and incremental backup support.
元数据
常见问题
Openclaw Migration Pro 是什么?
OpenClaw 环境迁移工具专业版。识别 Skills 与其维护数据的关联关系, 完整迁移到另一个 OpenClaw 环境。 打包 → 运输 → 归位,像搬家一样简单。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 148 次。
如何安装 Openclaw Migration Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-migration-pro」即可一键安装,无需额外配置。
Openclaw Migration Pro 是免费的吗?
是的,Openclaw Migration Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Migration Pro 支持哪些平台?
Openclaw Migration Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Migration Pro?
由 Yankj(@yankj)开发并维护,当前版本 v1.1.1。
推荐 Skills