claw-lark Patches
v1.0.0Re-apply custom patches to claw-lark plugin dist files after updates. Use when claw-lark plugin is updated/reinstalled and custom behaviors (requireMention f...
⭐ 0· 458·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as re-applying patches to the claw-lark plugin, and the package contains an apply-patches.sh script plus patch diffs for the plugin's dist files. All required actions (reading/writing files in the plugin dist directory, inserting BOT_OPEN_ID/BOT_NAME) align with the stated purpose.
Instruction Scope
The SKILL.md and scripts instruct the agent/user to run a local shell script that edits specific files under ~/.openclaw/extensions/claw-lark/dist/src and then restart the gateway. That is within scope for a patch applicator. Note: the script embeds BOT_OPEN_ID and BOT_NAME into the patched code (using environment variables or placeholders), and the references file documents a specific app ID and bot open_id (an author-supplied example) — the skill does not request or fetch tenant_access_token, so the user must supply correct identifiers manually.
Install Mechanism
There is no install spec or remote installer. The only executable content is the local apply-patches.sh script (and an inline Node.js patcher). No network downloads or external package installations are performed by the skill itself.
Credentials
The skill does not require credentials or special environment variables. It optionally uses BOT_OPEN_ID and BOT_NAME (non-secret identifiers) and allows CLAW_LARK_DIST to override the target path. The references file includes a concrete App ID and bot open_id (likely the author’s example) — that should not be used as-is; users must supply their own bot identifiers. No high-privilege secrets are requested.
Persistence & Privilege
The skill does not request 'always' presence and does not modify other skills' configs. It writes to the claw-lark plugin files (its intended scope). Be aware that if an agent were allowed to invoke this skill autonomously it could modify those plugin files without an explicit human prompt — that's a function of agent invocation policy, not this skill's content.
Assessment
This skill appears to do exactly what it says: modify local claw-lark dist files to reapply specific patches. Before running it: 1) Backup the target files (or the whole ~/.openclaw/extensions/claw-lark/dist/src) so you can restore if something breaks. 2) Inspect scripts/apply-patches.sh and the patch diffs in references/patch-details.md to ensure the replacements match your installed plugin version (the replacer is a string-replace, so it can silently skip or misapply if the plugin changed). 3) Set BOT_OPEN_ID and BOT_NAME to your bot's values (do not use the example bot_open_id in references); if you don't set BOT_OPEN_ID the script will insert a placeholder which will make the mention-filter behave incorrectly. 4) Run in a staging environment or when you can restart the gateway safely. 5) If you do not want the agent to autonomously modify your plugins, keep model-invocation disabled for this skill or avoid granting it autonomous execution rights. 6) If you have any doubt about owner trust (the package contains the author's sample bot ID), review every replacement the script will perform and consider applying patches manually.Like a lobster shell, security has layers — review code before you run it.
latestvk9761t4sawq2nsxrpazhxg9krn81njfe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.