The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The SKILL.md file contains instructions for the user to download and execute a shell script from an external URL (https://higress.ai/hiclaw/import.sh). This practice of 'curl pipe bash' variants allows for arbitrary code execution on the host system from a source outside the reviewed skill content.
[DATA_EXFILTRATION]: The scripts/analyze.sh script is designed to read and process shell history files (~/.bash_history and ~/.zsh_history). These files are highly sensitive as they frequently contain hardcoded credentials, API keys, or private system information entered via the command line. This data is then aggregated into a migration report.
[COMMAND_EXECUTION]: The skill's migration workflow involves executing shell scripts (analyze.sh, generate-zip.sh) that perform extensive system enumeration, including scanning for installed packages and binary paths to generate a custom Dockerfile.
[PROMPT_INJECTION]: (Indirect)
Ingestion points: The skill ingests data from local configuration files (openclaw.json), workspace documents (AGENTS.md, SOUL.md), shell history, and cron job definitions in scripts/analyze.sh and scripts/generate-zip.sh.
Boundary markers: There are no boundary markers used to separate ingested untrusted data from the script logic or the generated migration package content.
Capability inventory: The skill can execute complex shell commands, read sensitive user files, and generate a Dockerfile that triggers apt, pip, and npm installations.
Sanitization: No sanitization or validation is performed on the commands or package names extracted from the environment before they are inserted into the generated migration package.

hiclaw-migrate