migrate-from-v1

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to manage system services via systemctl and launchctl. It also invokes internal setup scripts using the pnpm exec tsx command.
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive application paths and files during the migration, including .env configurations, WhatsApp authentication state (keystores), and the OneCLI credential vault. Accessing these files is necessary for migration but constitutes a data exposure risk.
  • [PROMPT_INJECTION]: The skill reads and modifies CLAUDE.local.md files, which contain fragments of agent instructions. This interaction with instruction-laden content represents an indirect prompt injection surface.
    • Ingestion points: Reads local migration logs (handoff.json), project instruction files (CLAUDE.local.md), and SQLite databases (v2.db, messages.db).
    • Boundary markers: No explicit delimiters or boundary markers are used to separate ingested data from agent instructions.
    • Capability inventory: The skill can perform database write operations, modify local configuration files, and execute shell commands.
    • Sanitization: Content read from the local file system and databases is processed without specific sanitization or validation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 07:52 PM