← Back to Skills Marketplace
starensen

DCG Guard

by StarenseN · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
768
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install dcg-guard
Description
Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe comman...
README (SKILL.md)

DCG Guard

An OpenClaw plugin that hard-blocks dangerous shell commands before they execute. Works on any OpenClaw installation (Windows, macOS, Linux, local, VPS, anywhere). No binary dependencies required.

What It Does

Intercepts every exec/bash tool call via OpenClaw's before_tool_call plugin event. Pipes the command through DCG (Dangerous Command Guard). Safe commands pass silently with zero overhead. Dangerous commands are blocked before execution.

Blocked (Unix): rm -rf ~, git push --force, git reset --hard, git clean -fd, git branch -D Blocked (Windows): Remove-Item -Recurse -Force, rd /s /q, del /s, Format-Volume, reg delete HKLM Allowed: ls, cat, echo, git status, npm install, dir, Get-ChildItem

Install

# After clawhub install dcg-guard:
bash install.sh

Or manually:

# 1. Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# 2. Link plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
openclaw gateway restart

How It Works

  1. Agent calls exec with a command
  2. Plugin intercepts via before_tool_call (runs before execution)
  3. Command is checked against built-in rules (cross-platform, \x3C1ms, no subprocess)
  4. If no built-in match and DCG binary is installed, command is piped to DCG (~27ms)
  5. Safe: silent passthrough, agent never knows the plugin exists
  6. Dangerous: { block: true } returned to OpenClaw, command never executes

v1.1.0: Built-in rules work without the DCG binary. DCG binary is optional (adds extra unix rules). Windows fully supported out of the box.

Security

  • No shell interpolation. Commands are passed to DCG via stdin using execFileSync (not execSync). No injection risk.
  • Fail-open. If DCG binary is missing or crashes, commands pass through. The plugin never deadlocks your agent.
  • Zero dependencies. Only requires the DCG binary (single Go binary, no runtime deps).

Configuration

Optional, in openclaw.json under plugins.entries.dcg-guard.config:

{
  "enabled": true,
  "dcgBin": "/custom/path/to/dcg"
}

Default DCG path: ~/.local/bin/dcg

Override with env var: DCG_BIN=/path/to/dcg

Agent Instructions (optional)

Add to your workspace AGENTS.md:

When a command is blocked by DCG Guard, do NOT retry it.
Ask the user for explicit permission before attempting any alternative.
The block exists because the command is destructive or irreversible.
Usage Guidance
This plugin appears to implement a destructive-command blocker and mostly matches its description, but review a few things before installing: 1) The install process runs a remote script via curl | bash from a third-party GitHub repo — inspect that install.sh and the DCG project's repository (https://github.com/Dicklesworthstone/destructive_command_guard) yourself before piping to shell. 2) The registry metadata claims 'dcg' as required even though the code includes built-in rules and treats the DCG binary as optional; confirm whether you want the external binary installed. 3) SKILL.md claims use of execFileSync (no shell interpolation) but the Windows hybrid file imports execSync — a minor inconsistency worth auditing (it may be safe, but confirm the binary invocation doesn't invoke a shell in an unsafe way). 4) Understand that the plugin silently blocks commands at the gateway; agents won't see the plugin and may need explicit handling of block responses. If you decide to install, prefer manually downloading and inspecting the DCG installer and plugin files, avoid blindly running curl|bash, and verify the plugin in a safe environment before using in production.
Capability Analysis
Type: OpenClaw Skill Name: dcg-guard Version: 1.1.0 The skill bundle's core purpose is security-enhancing, blocking dangerous shell commands via built-in rules and an optional `dcg` binary. However, it presents a critical supply chain vulnerability: both `install.sh` and `AGENT_INSTRUCTIONS.md` download and execute a script from an external GitHub repository (`https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash`). This method allows for arbitrary code execution if the upstream repository is compromised, turning the skill bundle into a potential vector for malware, despite the benign intent of its authors.
Capability Assessment
Purpose & Capability
The code and instructions implement a before_tool_call plugin that blocks destructive shell commands, which matches the name/description. However there are small inconsistencies: registry metadata lists a required binary 'dcg' even though the bundled code and SKILL.md state built-in rules work without DCG and the binary is optional. SKILL.md also contains a contradictory line saying "No binary dependencies required."
Instruction Scope
SKILL.md and AGENT_INSTRUCTIONS.md scope the behavior to intercepting exec/bash tool calls and blocking destructive commands; they do not instruct reading unrelated files or exfiltrating data. Note: the docs emphasize the plugin blocks silently (agent 'never knows the plugin exists'), which is a privileged behavior but consistent with the plugin's purpose.
Install Mechanism
The provided install.sh (and SKILL.md examples) download and pipe a script from raw.githubusercontent.com (curl | bash). While GitHub Raw is a common host, executing a remote script without manual review is high-risk. There is no signed release or checksum provided; the install is instruction-only in the registry (no verified package distribution).
Credentials
The skill requests no credentials or special environment variables. DCG_BIN is an optional override. The requested privileges (installing a plugin, restarting the gateway) are proportional to the plugin's function.
Persistence & Privilege
The plugin registers a before_tool_call hook and therefore can block commands—this is expected for a guard plugin. always:false (not force-included). Be aware blocking is silent by design, so agents may retry or behave unexpectedly unless configured to surface plugin blocks.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dcg-guard
  3. After installation, invoke the skill by name or use /dcg-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Cross-platform: 30+ built-in rules for Windows (PowerShell/cmd) + Unix. No binary dependency required. DCG binary optional as fallback. execFileSync for injection safety.
v1.0.1
Security fix: replaced execSync with execFileSync (no shell interpolation). Generic block messages. Cleaned up for vanilla OpenClaw.
v1.0.0
Initial release: hard-blocks dangerous shell commands via OpenClaw before_tool_call plugin hook + DCG binary
Metadata
Slug dcg-guard
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is DCG Guard?

Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe comman... It is an AI Agent Skill for Claude Code / OpenClaw, with 768 downloads so far.

How do I install DCG Guard?

Run "/install dcg-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DCG Guard free?

Yes, DCG Guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does DCG Guard support?

DCG Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created DCG Guard?

It is built and maintained by StarenseN (@starensen); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments