diff --git a/lib/transcript.yml b/lib/transcript.yml
index e1f5f4f0..9e149ac6 100644
--- a/lib/transcript.yml
+++ b/lib/transcript.yml
@@ -123,6 +123,13 @@ messages:
     invaliduser: Hmmmmmmmm THAT'S NOT A REAL USER!!!! What are you trying to pull here????
     userArg: <@${this.userArg}>'s scrapbook is ${this.scrapbookLink}
     self: Your scrapbook profile is ${this.scrapbookLink}
+  steal:
+    'invaliduser': Hmmmmmmmm THAT'S NOT A REAL USER!!!! What are you trying to pull here???? I don't like it :(
+    'done': <@${this.victimUser}>'s CSS is now live on your profile!
+    'noargs':
+      - |
+        You can't steal CSS from no one :facepalm: Make sure to mention someone after the command.
+    'empty': <@${this.victimUser}>'s custom CSS is empty, try another person.
   profileUpdate: Your profile details have been updated! ${this.scrapbookLink}
   assetReady: <@${this.user}> Your video has been processed and is live on your scrapbook!
   errors:
diff --git a/pages/api/slack/commands/index.js b/pages/api/slack/commands/index.js
index 3b481720..bb55253f 100644
--- a/pages/api/slack/commands/index.js
+++ b/pages/api/slack/commands/index.js
@@ -31,6 +31,9 @@ export default async (req, res) => {
     case 'open':
       method = 'open'
       break
+    case 'steal-css':
+      method = 'steal'
+      break
     case 'help':
     case '':
       method = 'help'
diff --git a/pages/api/slack/commands/steal.js b/pages/api/slack/commands/steal.js
new file mode 100644
index 00000000..896deb8d
--- /dev/null
+++ b/pages/api/slack/commands/steal.js
@@ -0,0 +1,41 @@
+import {
+  unverifiedRequest,
+  getUserRecord,
+  accountsTable,
+  sendCommandResponse,
+  t
+} from '../../../../lib/api-utils'
+
+export default async (req, res) => {
+  if (unverifiedRequest(req))
+    return res.status(400).send('Unverified Slack request!')
+  else res.status(200).end()
+
+  const { user_id, response_url, text } = req.body
+  console.log('victim text', text)
+  const action = text.split(' ')[1]
+  const victimUser = text.split(' ')[2]?.split('@')[1].split('|')[0]
+  console.log('victim user', victimUser)
+
+  if (!action || !victimUser) {
+    return sendCommandResponse(response_url, t('messages.steal.noargs'))
+  }
+
+  let userRecord
+  try {
+    userRecord = await getUserRecord(user_id)
+  } catch {
+    return sendCommandResponse(response_url, t('messages.steal.invaliduser'))
+  }
+  const victimUserRecord = await getUserRecord(victimUser)
+  const newCSS = victimUserRecord.fields['CSS URL']
+
+  if ((newCSS = '')) {
+    sendCommandResponse(response_url, t(`messages.steal.empty`, { victimUser }))
+  }
+
+  await Promise.all([
+    accountsTable.update(userRecord.id, { 'CSS URL': newCSS }),
+    sendCommandResponse(response_url, t(`messages.steal.done`, { victimUser }))
+  ])
+}