Plugin v1.0.3

ClawScan security

DG-Lab V3 Controller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 24, 2026, 2:00 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin’s code, commands, and requirements are consistent with its stated purpose (remote WebSocket control of DG‑Lab V3 and an AI-driven 'emotion' engine), but it carries safety and network‑exposure risks you should consider before installing.
Guidance
This plugin appears to do what it says, but it controls real electrical stimulation hardware and requires network exposure — both are safety-sensitive. Before installing:
1. Review the remote install.sh (do not run it blindly).
2. Prefer local-only or VPN/SSH-tunneled access rather than exposing TCP/18888 to the public Internet.
3. Set and verify hardware-side safety limits in the official DG‑Lab App (the software limit is not a substitute).
4. Keep `/dg_emotion` off until you understand and have tested its behavior; test every command at the lowest intensity and confirm the plugin's behavior in a controlled environment.
5. Inspect the included code (dist/*.js) if you can, or run the plugin in an isolated VM/container if you must expose a port.
6. Verify that the QR pairing URL (it uses https://www.dungeon-lab.com) matches the official ecosystem you expect.
If you are uncomfortable with network exposure or autonomous AI-triggered stimulation, do not install, or enable it only with strict network controls and supervision.

Review Dimensions

Purpose & Capability
Rating: ok
Name/description match the included code: a WebSocket server, QR pairing, waveform library, emotion engine, and AI-invocable commands. It does not request unrelated credentials or unusual binaries.
Instruction Scope
Rating: concern
Runtime instructions and code include automation that can trigger electrical stimulation (emotion engine / dg_shock) and will auto-load waveform files from the plugin data directory. The SKILL.md explicitly asks you to open/forward a public port and run a remote install script; opening a public port exposes the device control endpoint to the network. The automatic 'emotion' mode can autonomously send stimulation based on AI replies — a real physical-safety hazard that is consistent with the feature set but must be deliberately controlled.
Install Mechanism
Rating: note
The registry lists no formal install spec, but SKILL.md recommends running a one‑line installer fetched via curl from raw.githubusercontent.com. That host is common for open-source projects, but executing a remote script is higher risk than an explicit package install; review the install.sh content before running it.
Credentials
Rating: ok
The skill does not request environment variables, secrets, or unrelated credentials. It reads files under the plugin data directory in the user's home and writes QR images to a media directory, which is appropriate for this plugin's function.
Persistence & Privilege
Rating: note
The plugin registers a long-running service (a WebSocket server) inside the OpenClaw Gateway process and requires opening/forwarding a port; this persistent network presence is expected for remote device control but increases the attack surface. The skill is marked always:false, and it does not request elevated system-wide privileges or modify other skills.