Safe Agent Sharing and Migration in OpenClaw
How to safely share, distribute, or migrate OpenClaw agents without exposing secrets, runtime memory, or machine-specific state.
🔍 Symptoms
Problematic Behaviors When Sharing OpenClaw Instances
Users attempting to share or migrate their OpenClaw agents encounter several dangerous patterns:
1. Full Directory Copy Leaks Secrets
$ cp -r ~/.openclaw /shared/agent-backup
$ ls -la /shared/agent-backup/
.total 32
drwxr-xr-x 8 developer staff 256 Sep 15 10:30 .
drwxr-xr-x 6 developer staff 4096 Sep 15 10:30 ..
-rw-r--r-- 1 developer staff 4096 Sep 15 10:30 .env # ⚠️ CONTAINS API KEYS
drwxr-xr-x 6 developer staff 4096 Sep 15 10:30 .openclaw/
drwxr-xr-x 2 developer staff 4096 Sep 15 10:30 memory/ # ⚠️ RUNTIME STATE
-rw-r--r-- 1 developer staff 4096 Sep 15 10:30 logs/ # ⚠️ EXECUTION HISTORY
-rw-xr-x 2 developer staff 4096 Sep 15 10:30 workspace/ # ⚠️ MACHINE-SPECIFIC PATHS
-rw-r--r-- 1 developer staff 4096 Sep 15 10:30 soul.md # ✅ PORTABLE
drwxr-xr-x 2 developer staff 4096 Sep 15 10:30 skills/ # ✅ PORTABLE
2. Inconsistent Agent Behavior After Migration
When runtime memory and logs are transferred to a new environment:
$ openclaw run --agent /shared/agent-backup
[WARN] Memory checksum mismatch: expected 7a3f..., got 9c2b...
[WARN] Loading stale memory state from incompatible runtime
[ERROR] Agent identity loaded but capabilities degraded due to corrupted memory references
3. Hardcoded Paths Break Cross-Machine Execution
$ cat soul.md
# Agent Configuration
base_path: /home/developer/projects/agent-workspace # ⚠️ MACHINE-SPECIFIC
api_config: /home/developer/.openclaw/.env # ⚠️ ABSOLUTE PATH
4. API Key Exposure in Shared Artifacts
$ cat .env | grep -i openai
OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # ⚠️ SECRET LEAKED
ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # ⚠️ SECRET LEAKED
Impact Summary
| Symptom | Risk Level | Reproducibility |
|---|---|---|
| Secret keys in shared directories | Critical | Always |
| Runtime memory copied | Medium | Intermittent failures |
| Hardcoded absolute paths | High | Cross-machine fails |
| Logs revealing internal state | Medium | Information disclosure |
🧠 Root Cause
Architectural Issue: Unified State Store
OpenClaw’s current .openclaw/ directory structure does not distinguish between portable agent definition and instance-local runtime state. This design oversight creates fundamental risks when sharing or migrating agents.