OpenClaw Theme Patcher
Advisory
Audited by VirusTotal on Apr 15, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-theme-patcher
Version: 1.0.0

The skill bundle is designed to perform invasive, surgical patches on the minified JS and CSS assets of an active OpenClaw installation to apply or migrate UI themes. It includes a Python script (`scripts/backup_theme_bundle.py`) that uses `subprocess` to execute shell commands for locating the application and extracting code snippets. While the instructions in `SKILL.md` and `references/patch-points.md` are focused on benign UI customization, the capability to modify live application code and the use of shell execution for discovery represent a high-risk pattern that could be repurposed for unauthorized code injection or persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may change or break the installed OpenClaw UI until the bundle is repaired or restored.
The skill intentionally edits installed OpenClaw frontend bundles. This is disclosed and purpose-aligned, but it can break the live UI if done incorrectly.
Patch the active OpenClaw install only:
- `dist/control-ui/assets/index-*.js`
- `dist/control-ui/assets/index-*.css`
Use it only for intended theme work, keep backups, review diffs, and avoid patching built-in themes unless explicitly desired.
A crafted theme ID could cause the backup helper to create or overwrite files outside the intended backup folder under the user's local permissions.
The command-line theme ID is used directly in directory and file names without rejecting slashes, dot-dot segments, or other unsafe path characters.
theme_id = args.theme_id.strip()
backup_dir = out_base / f"openclaw-{theme_id}-theme"
...
(backup_dir / f"{theme_id}.dark.css").write_text(dark_block, encoding="utf-8")

Validate theme IDs as safe slugs, such as `[A-Za-z0-9_-]+`, reject path separators and `..`, and verify resolved output paths remain inside the chosen backup directory.
A compromised or oddly named `openclaw` path in the user's PATH could make the backup helper run unintended shell commands.
The script invokes a shell and then embeds the discovered executable path into another shell command. If the path contains shell metacharacters or quotes, this can execute unintended shell syntax.
openclaw_bin = run(["bash", "-lc", "which openclaw"])
resolved = run(["bash", "-lc", f'readlink -f "{openclaw_bin}"'])

Avoid `bash -lc` here. Use `shutil.which('openclaw')`, `Path.resolve()`, or pass arguments directly without shell interpolation.
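The two remediations above (slug validation with an output-path containment check for the theme ID finding, and shell-free executable discovery for the `bash -lc` finding) as one hardened helper. This is an added example written for this advisory, not code from the skill bundle or the OpenClaw project; the function names, the `.light.css` companion file and the `THEME_ID_RE` pattern are assumptions, with the pattern taken from the advisory's suggested `[A-Za-z0-9_-]+`.

```python
import re
import shutil
from pathlib import Path
from typing import Dict, Optional

# Assumed policy: a theme ID is a plain slug, as the advisory recommends.
# This single pattern rejects '/', '\\', '..', whitespace and shell
# metacharacters, because none of them can match.
THEME_ID_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def is_safe_theme_id(theme_id: str) -> bool:
    """True if the (stripped) theme ID is a safe slug."""
    return THEME_ID_RE.fullmatch(theme_id.strip()) is not None


def validate_theme_id(theme_id: str) -> str:
    """Return the stripped theme ID, or raise ValueError if it is not a slug."""
    if not is_safe_theme_id(theme_id):
        raise ValueError(f"unsafe theme id: {theme_id!r}")
    return theme_id.strip()


def is_inside(base: str, candidate: str) -> bool:
    """True if candidate, after resolving symlinks and '..', is base itself
    or lies below it. Works for paths that do not exist yet (non-strict
    resolve), which is the normal case for a backup directory."""
    base_r = Path(base).resolve()
    cand_r = Path(candidate).resolve()
    return cand_r == base_r or base_r in cand_r.parents


def backup_paths(out_base: str, theme_id: str) -> Dict[str, Path]:
    """Compute the backup directory and output files for a theme.

    Slug validation alone already prevents escapes; the containment check is
    defence in depth so that a later change to the naming scheme cannot
    silently reintroduce a traversal.
    """
    theme_id = validate_theme_id(theme_id)
    base = Path(out_base).resolve()
    backup_dir = base / f"openclaw-{theme_id}-theme"
    files = {
        "dir": backup_dir,
        "dark": backup_dir / f"{theme_id}.dark.css",
        "light": backup_dir / f"{theme_id}.light.css",  # assumed companion file
    }
    for p in files.values():
        if not is_inside(str(base), str(p)):
            raise ValueError(f"backup path escapes {base}: {p}")
    return files


def locate_executable(name: str = "openclaw") -> Optional[Path]:
    """Shell-free replacement for `bash -lc 'which ...'` + `readlink -f`.

    shutil.which does the PATH lookup and Path.resolve follows symlinks, so
    an oddly named or attacker-controlled entry in PATH is never handed to a
    shell for re-parsing. The returned Path can be passed as argv[0] to
    subprocess.run([...]) with shell=False.
    """
    found = shutil.which(name)
    if found is None:
        return None
    return Path(found).resolve()


if __name__ == "__main__":
    for candidate in ["midnight-blue", "../etc", "a/b", "x; rm -rf ~"]:
        try:
            print(f"{candidate!r} -> {validate_theme_id(candidate)!r}")
        except ValueError as exc:
            print("rejected:", exc)
    print("openclaw executable:", locate_executable("openclaw"))
```

`is_inside` compares resolved paths rather than string prefixes, so `backups/openclaw-x` is not mistaken for being inside `backups/openclaw`, and a symlinked output directory is judged by where it actually points.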
