ClawHub

DG-LAB Control

v1.0.0

Control DG-LAB Coyote 3.0 (郊狼) pulse device via WebSocket. Manage strength, send waveform patterns, handle device pairing. Use when the user mentions 郊狼, DG-...

0· 167·0 current·0 all-time
by@yuuluo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (DG-LAB device control) align with requested binaries (python3, node, npm), provided scripts (ws_client.py, waveform.py) and the SKILL.md workflow which clones/starts a relay server and runs a local Python controller. The requested tooling and files are proportional to the stated purpose.
Instruction Scope
SKILL.md gives precise runtime steps: environment checks, optionally pip-installing websockets, cloning a GitHub relay repo, npm install/start, and launching ws_client.py which exposes a local HTTP API. This is in-scope. Important caveat: ws_client accepts a ws-url parameter — if the agent or user supplies a non-local ws_url (not the intended local relay), control traffic would go to a remote relay and data could leave the machine. The instructions do emphasize running the relay locally, but rely on operator/agent discipline.
Install Mechanism
The skill is instruction-only (no platform install spec), but instructs cloning https://github.com/DG-LAB-OPENSOURCE/DG-LAB-OPENSOURCE.git and running npm install / npm start. Downloading and running third-party GitHub code is expected for the relay server but increases risk—users should review that repository and its package.json/start scripts before running.
Credentials
No environment variables or credentials are requested. The workflow uses only local loopback (127.0.0.1) by default. The only external interactions are (1) cloning the relay repo from GitHub during setup and (2) generating a QR URL that points to the device app/download page combined with the ws_url; both are consistent with pairing functionality.
Persistence & Privilege
The skill launches persistent local processes (a Node relay server and a Python ws_client background process listening on 127.0.0.1:8899). always:false (not force-installed). This creates long-running local listeners and files under ~/DG-LAB-OPENSOURCE; that is reasonable for device control but users should be aware of the persistent processes and their startup commands.
Scan Findings in Context
[no_findings] expected: Static pre-scan reported no injection signals. The included Python files show expected behavior for waveform generation, validation, and a local HTTP/WebSocket controller; no suspicious network calls, environment access, or credential usage are present in the provided files.
Assessment
This skill appears to be coherent with its purpose, but take these precautions before installing or running it: - Review the GitHub relay repo (https://github.com/DG-LAB-OPENSOURCE/DG-LAB-OPENSOURCE) before running npm install / npm start — npm scripts can execute arbitrary code. Check package.json and startup scripts. - Only use the default/local relay (ws://localhost:9999) unless you explicitly trust a remote relay. If a non-local ws_url is used, device control messages and pairing data can leave your machine. - Be aware this launches persistent local services and creates a ~/DG-LAB-OPENSOURCE directory; stop/remove them if you no longer want the processes running. - The skill deals with an e-stim medical device: follow the included safety checks and do not bypass the confirmation step. If you have medical conditions or implants, do not use the device. - If you are uncomfortable running third-party server code locally, consider running the relay in a sandboxed/isolated environment (VM) or manually reviewing the repo before proceeding. If you want, I can summarize the repository's package.json/start commands (if you provide it) or show the exact HTTP endpoints and payload formats to review before you run anything.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxvvxxwdnxq3wm3wy91cqv982xgwp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binspython3, node, npm

Comments