OpenClaw Theme Patcher
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with theme patching, but its helper script has unsafe shell and file-path handling that should be reviewed before use.
Review and preferably patch the helper script before running it. If you still use the skill, run it only for a simple trusted theme ID, keep backups, and confirm exactly which OpenClaw installation and bundle files will be edited.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may change or break the installed OpenClaw UI until the bundle is repaired or restored.
The skill intentionally edits installed OpenClaw frontend bundles. This is disclosed and purpose-aligned, but it can break the live UI if done incorrectly.
Patch the active OpenClaw install only:
- `dist/control-ui/assets/index-*.js`
- `dist/control-ui/assets/index-*.css`
Use it only for intended theme work, keep backups, review diffs, and avoid patching built-in themes unless explicitly desired.
A crafted theme ID could cause the backup helper to create or overwrite files outside the intended backup folder under the user's local permissions.
The command-line theme ID is used directly in directory and file names without rejecting slashes, dot-dot segments, or other unsafe path characters.
```python
# Excerpt from the helper script: the unvalidated theme ID becomes part of
# the backup directory and file names.
theme_id = args.theme_id.strip()
backup_dir = out_base / f"openclaw-{theme_id}-theme"
...
(backup_dir / f"{theme_id}.dark.css").write_text(dark_block, encoding="utf-8")
```

Validate theme IDs as safe slugs, such as `[A-Za-z0-9_-]+`, reject path separators and `..`, and verify that resolved output paths remain inside the chosen backup directory.
A compromised or oddly named `openclaw` path in the user's PATH could make the backup helper run unintended shell commands.
The script invokes a shell and then embeds the discovered executable path into another shell command. If the path contains shell metacharacters or quotes, this can execute unintended shell syntax.
```python
# Excerpt from the helper script: the path returned by the first shell
# invocation is interpolated, unquoted-safe or not, into a second shell command.
openclaw_bin = run(["bash", "-lc", "which openclaw"])
resolved = run(["bash", "-lc", f'readlink -f "{openclaw_bin}"'])
```

Avoid `bash -lc` here. Use `shutil.which('openclaw')`, `Path.resolve()`, or pass arguments directly without shell interpolation.
