DG-LAB Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is clearly designed to control a DG-LAB pulse device and includes safety steps, but users should understand it runs background services and can send real device-control commands.
Install only if you intentionally want an agent to control this DG-LAB device. Review the external relay-server install, keep the controller local, complete the safety and channel confirmations before any output, start with low strength, and stop the background services when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent can send real electrical-stimulation commands to connected channels.
The skill exposes commands that can directly change strength, send waveform patterns, and stop output on a physical pulse device.
POST /strength ... POST /waveform ... POST /emergency-stop ... 双通道强度归零 + 清空波形队列
Only use this skill while present and attentive, confirm channel placement and safety questions, start at low strength, and use emergency stop immediately if anything feels wrong.
The skill depends on external code and package-resolution behavior outside the reviewed artifact bundle.
The setup flow asks the agent to clone an external repository and install npm dependencies for the relay server.
cd ~ && git clone https://github.com/DG-LAB-OPENSOURCE/DG-LAB-OPENSOURCE.git ... npm install
Review the external repository and dependency install before first use, and prefer pinned or trusted versions where possible.
Installing and using the skill runs local code that keeps listening for control requests while active.
The normal workflow starts a Node relay server and Python controller as background processes.
cd ~/DG-LAB-OPENSOURCE/socket/v2/backend && npm start & python scripts/ws_client.py --ws-url ws://localhost:9999 --strength-limit 50 &
Run it only in a trusted local environment and stop the controller/relay when the session is over.
The controller may continue running after initial setup unless explicitly stopped.
The controller is intentionally long-running and reconnects automatically, which is expected for device control but should be visible to the user.
`ws_client.py` 是常驻后台进程 ... WebSocket 断连后自动每 3 秒尝试重连
Use the documented stop flow or terminate the background processes after use, especially before leaving the device connected.