Intiface Control

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls intimate Bluetooth devices, but it needs review because it gives an agent direct physical-control commands without clear consent or confirmation steps.

Install only if you intentionally want OpenClaw to control connected intimate devices. Before any use, list connected devices, verify the exact target, require explicit approval for every start or strength change, prefer low strength and short timed sessions, keep the Intiface server bound to localhost, and stop Intiface Central when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill enables natural-language control of intimate BLE devices through a local WebSocket service and Bluetooth interactions, but it does not prominently warn users that using the skill will send real control commands to physical devices. In this context, missing consent and safety warnings increase the risk of unintended activation, surprise stimulation, privacy concerns, and unsafe operation if the agent acts on ambiguous prompts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal