OpenClaw Theme Patcher
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may change or break the installed OpenClaw UI until the bundle is repaired or restored.
The skill intentionally edits installed OpenClaw frontend bundles. This is disclosed and purpose-aligned, but it can break the live UI if done incorrectly.
Patch the active OpenClaw install only:
- `dist/control-ui/assets/index-*.js`
- `dist/control-ui/assets/index-*.css`
Use it only for intended theme work, keep backups, review diffs, and avoid patching built-in themes unless explicitly desired.
A crafted theme ID could cause the backup helper to create or overwrite files outside the intended backup folder under the user's local permissions.
The command-line theme ID is used directly in directory and file names without rejecting slashes, dot-dot segments, or other unsafe path characters.
theme_id = args.theme_id.strip()
backup_dir = out_base / f"openclaw-{theme_id}-theme"
...
(backup_dir / f"{theme_id}.dark.css").write_text(dark_block, encoding="utf-8")

Validate theme IDs as safe slugs, such as `[A-Za-z0-9_-]+`, reject path separators and `..`, and verify resolved output paths remain inside the chosen backup directory.
A compromised or oddly named `openclaw` path in the user's PATH could make the backup helper run unintended shell commands.
The script invokes a shell and then embeds the discovered executable path into another shell command. If the path contains shell metacharacters or quotes, this can execute unintended shell syntax.
openclaw_bin = run(["bash", "-lc", "which openclaw"])
resolved = run(["bash", "-lc", f'readlink -f "{openclaw_bin}"'])

Avoid `bash -lc` here. Use `shutil.which('openclaw')`, `Path.resolve()`, or pass arguments directly without shell interpolation.
