migrate-from-openclaw

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local helper scripts and dynamically generated JavaScript snippets using pnpm exec tsx. Specifically, in Phase 5, it assembles a script containing data from an external jobs.json file and executes it to perform SQL operations on the messages database.
  • [DATA_EXFILTRATION]: The skill is designed to read and extract sensitive configuration data and credentials from the user's local filesystem. This includes Anthropic API keys, Telegram bot tokens, Discord tokens, and Slack credentials found in auth-profiles.json, .env, and openclaw.json.
  • [PROMPT_INJECTION]: The skill has a surface for Indirect Prompt Injection. It ingests untrusted identity and memory data from the user's previous installation and incorporates them into the agent's core personality and instructions.
      • Ingestion points: Migration source files including IDENTITY.md, SOUL.md, and MEMORY.md.
      • Boundary markers: Absent; the content is merged conversationally into the agent's CLAUDE.md.
      • Capability inventory: Subprocess execution via pnpm, filesystem modification, and database access.
      • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The migration process involves programmatically modifying the project's source code files (e.g., container/agent-runner/src/index.ts) to register MCP servers, which could result in arbitrary code execution if the migrated configuration contains malicious commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 09:50 PM