Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Dashboard Theme Changer
v2.0.0Change OpenClaw Dashboard accent color with one sentence. Dynamically finds CSS/JS files and updates all accent CSS variables.
⭐ 0· 86·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim to change OpenClaw dashboard colors and the included script exactly locates and edits OpenClaw asset CSS/JS files to do that. The code modifies CSS variables and replaces hardcoded hex colors in JS bundles — this is proportional and expected for the stated goal.
Instruction Scope
SKILL.md instructs running the provided change-theme.sh against OpenClaw assets. The runtime steps are narrowly scoped to locating and editing CSS/JS under the OpenClaw assets directory and verifying results. The instructions do not request reading unrelated files or sending data externally. Minor note: SKILL.md and README state requirements (Bash 4+, OpenClaw installed via npm) but the skill metadata declared 'no required binaries' — the agent will need npm, grep, sed, etc., available to succeed.
Install Mechanism
This is an instruction-only skill with a bundled script; there is no network download or installer. No install spec is present and no external code is fetched at runtime, which is low-risk from an install-mechanism standpoint.
Credentials
The skill declares no environment variables or credentials and the script does not attempt to read secrets. It uses npm root -g and HOME to locate assets, which is appropriate for locating an npm-installed OpenClaw. No sensitive environment access is requested.
Persistence & Privilege
The script writes to OpenClaw's installation assets (CSS/JS under the global npm modules path). That is necessary for a persistent theme change, but it may require elevated filesystem permissions if OpenClaw is installed system-wide (sudo/root). always:false (not force-included) and the skill does not modify other skills or global agent config. Consider that upgrades will overwrite changes (noted by author).
Assessment
This skill appears to do what it says: it edits OpenClaw's CSS and JS assets to change the accent color and its variants. Before installing/running: 1) Inspect change-theme.sh yourself (it's included) to confirm you are comfortable with the exact edits; 2) Back up the target asset files (index-*.css, index-*.js) so you can restore them if needed; 3) Be aware the script locates OpenClaw via npm root -g and writes into the global npm install path — if OpenClaw was installed system-wide you may need sudo to edit those files, or the script will fail; 4) Ensure required utilities (bash, npm, sed, grep, awk) are available — the skill metadata lists none, but the script uses them; 5) Note that upgrades to OpenClaw will overwrite edits (author also warns to re-run the script after upgrades); 6) The skill does not contact external servers or request secrets, and it does not modify other skills. If you want minimal risk, run the script manually in a controlled environment (after backing up) rather than letting an agent invoke it autonomously.Like a lobster shell, security has layers — review code before you run it.
latestvk974rz6f2j0cgq33wwmqcm29hx83hm2v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.