Latest release: v2.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The stated purpose and visible code are coherent for branding the OpenClaw Control UI, including asset routes and frontend CSS/JS overlays. The frontend script also forces dark theme settings and hides some UI/help elements, which is more intrusive than basic logos/colors.
Instruction Scope
The install instructions are user-directed, but the documented fallback can run sudo chmod a+rw on the Control UI index.html file, which is an overbroad permission change for a branding plugin.
Install Mechanism
There is no declarative install spec, while SKILL.md asks the user to run a shell installer that may request sudo-based permission changes. Users should inspect the exact script before running it.
Credentials
Injecting CSS/JS into dist/control-ui/index.html is disclosed and purpose-aligned, but it affects the global Control UI served to users and should be treated as a privileged UI mutation.
Persistence & Privilege
The plugin applies injection on service start and the browser script uses a MutationObserver to keep branding applied. That persistence is expected for a UI overlay, but disabling/cleanup should be verified.
Scan Findings in Context
[unicode-control-chars] expected: The readable artifacts do not show prompt-injection instructions; the control characters appear consistent with bundled binary GIF/MP4 media assets.
What to consider before installing
Use this only if you are comfortable with a global Control UI branding patch. Before installing, inspect the shell script, avoid approving chmod a+rw, back up dist/control-ui/index.html, test in a non-production profile, and verify that disabling the plugin removes its injected assets.Verification
Tags
UI Whatsynaptor
This plugin keeps the shipped OpenClaw Control UI intact and injects a small branding layer on top.
Behavior
- Does not replace
dist/control-uibundles. - Injects one stylesheet and one script into
dist/control-ui/index.html. - Serves branding assets from plugin HTTP routes.
- Removes the old legacy
ui-patcherruntime block if it exists. - Cleans up its injector block on plugin stop so disabling the plugin does not leave stale asset references behind.
- If the OpenClaw install is read-only to the current process, logs a warning and continues without mutating the global Control UI files.
What It Can Change
- Browser tab title
- Sidebar brand text
- Sidebar logo
- Topbar background video
- Startup loader video
- Favicon
- Accent colors
- Display/body fonts
- Extra CSS overrides
- Visible
OpenClawwordmarks
What It Intentionally Does Not Change
- Upstream HTML structure
- Upstream JS bundles
- Chat composer behavior
- Sessions/tools/channels panel logic
- New UI features shipped by later OpenClaw releases
Example Config
{
"plugins": {
"entries": {
"ui-whatsynaptor": {
"enabled": true,
"config": {
"enabled": true,
"appName": "OpenClaw Custom",
"browserTitle": "OpenClaw Custom Control",
"sidebarTitle": "OpenClaw Custom",
"sidebarEyebrow": "Control",
"logoUrl": "/plugins/ui-whatsynaptor/assets/brand-logo-uBqNKeuY.gif",
"topbarVideoUrl": "",
"startupVideoUrl": "",
"accentColor": "#5da78b",
"accentHover": "#74b89d",
"accentGlow": "rgba(93, 167, 139, 0.26)",
"fontBody": "\"Manrope\", -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, sans-serif",
"fontDisplay": "\"Saira\", \"Manrope\", sans-serif",
"replaceWordmark": true
}
}
}
}
}
Install
./scripts/install-ui-whatsynaptor.sh
If the installed Control UI index.html is read-only, the installer prompts before running sudo chmod a+rw ....
You can also run the printed command in another terminal, then choose retry in the installer.
Optional state/profile examples:
./scripts/install-ui-whatsynaptor.sh --profile dev
./scripts/install-ui-whatsynaptor.sh --state-dir /data/.openclaw
OPENCLAW_STATE_DIR=/data/.openclaw ./scripts/install-ui-whatsynaptor.sh