DG-LAB

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls an e-stim device, but it lets AI tools and keyword-based message hooks trigger physical stimulation without a clear per-action confirmation step.

Install only if you intentionally want closely supervised AI-assisted control of a DG-Lab e-stim device. Keep emotion mode off unless actively monitored, set low hardware limits in the DG-Lab app, restrict the WebSocket port to trusted networks, do not share QR/control links, and prefer the OpenClaw/NPM install path over the remote shell installer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

High (98% confidence)
The hook automatically analyzes outgoing message text and converts it into physical stimulation commands without an explicit per-action user consent step. In this skill's context, the effect is not merely informational: normal agent messaging can directly trigger a connected electrostimulation device, creating a clear safety risk from unintended, manipulated, or contextually inappropriate outputs.

Intent-Code Divergence

Medium (89% confidence)
The hook description claims stimulation is based on AI reply emotion, but the implementation processes generic sent message content. That mismatch can cause stimulation on messages beyond the user's expected scope, undermining consent and making the dangerous behavior easier to trigger accidentally or through prompt manipulation.

Natural-Language Policy Violations

Medium (89% confidence)
The README documents an emotion engine that can automatically trigger an electrical stimulation device based on keyword matches in AI replies, using hard-coded Chinese and English cues without clear per-language consent, user confirmation, or robust opt-in boundaries. In the context of software that controls a physical e-stim device, ambiguous multilingual triggers materially increase the risk of unintended activation and physical harm, especially if users do not realize which languages or phrases can cause stimulation.

Missing User Warnings

Medium (92% confidence)
The code directly maps emotion classifications such as 'punishing' and 'angry' to punitive waveform generation, but it contains no consent check, safety interlock, user warning, or contextual gating before triggering stimulation behavior. In a skill that interprets assistant text and converts it into device control signals, this makes unsafe or coercive activation plausible from ordinary language output, increasing the risk of non-consensual or unexpectedly intense physical effects.

Missing User Warnings

High (97% confidence)
The dg_shock tool directly sends stimulation commands with no warning, confirmation, authentication, or user-presence check before affecting a physical device. Because it is exposed as an agent tool and described as something the AI should use to shock/stimulate the user, a prompt injection, misfire, or model error could immediately produce harmful real-world effects.

Missing User Warnings

High (99% confidence)
This hook causes physical stimulation automatically during message sending without any user-facing disclosure at the moment of execution. Automatic hidden actuation is especially dangerous for a device-control skill because the user may not know why stimulation occurred, cannot meaningfully consent per event, and cannot easily distinguish intended behavior from abuse.

Missing User Warnings

Medium (91% confidence)
The declarations expose stimulation waveforms including a clearly punitive high-frequency mode without any accompanying safety warnings, contraindications, or usage constraints. In a context that appears to drive physical stimulation hardware, omission of harm disclosures can lead users or downstream developers to invoke unsafe patterns, durations, or intensities without understanding risks such as pain, injury, or misuse.

Missing User Warnings

Medium (94% confidence)
This code exposes a waveform generator explicitly labeled as a punitive, high-frequency sustained stimulation pattern and drives intensity at the maximum level without any embedded safeguards, warnings, consent checks, or context limits. In a device-control skill, generating potentially painful stimulation patterns without user-facing disclosure or safety gating can enable misuse, accidental over-intensity, or non-consensual operation.

Ssd 3

Medium (86% confidence)
The command response explicitly returns a local filesystem path for the generated QR image and encourages forwarding it. Exposing internal local paths leaks host environment details such as usernames, home-directory structure, and workspace layout, which can aid reconnaissance and unnecessarily reveals implementation internals to the user.

Ssd 3

Medium (87% confidence)
The tool returns the generated QR code's file path in natural language and instructs the model to send it to the user. This leaks local host path information and couples internal storage details to user-visible behavior, increasing information disclosure risk without operational necessity.

VirusTotal

66/66 vendors flagged this skill as clean.
