← 返回 Skills 市场
768
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install dcg-guard
功能描述
Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe comman...
使用说明 (SKILL.md)
DCG Guard
An OpenClaw plugin that hard-blocks dangerous shell commands before they execute. Works on any OpenClaw installation (Windows, macOS, Linux, local, VPS, anywhere). No binary dependencies required.
What It Does
Intercepts every exec/bash tool call via OpenClaw's before_tool_call plugin event. Pipes the command through DCG (Dangerous Command Guard). Safe commands pass silently with zero overhead. Dangerous commands are blocked before execution.
Blocked (Unix): rm -rf ~, git push --force, git reset --hard, git clean -fd, git branch -D
Blocked (Windows): Remove-Item -Recurse -Force, rd /s /q, del /s, Format-Volume, reg delete HKLM
Allowed: ls, cat, echo, git status, npm install, dir, Get-ChildItem
Install
# After clawhub install dcg-guard:
bash install.sh
Or manually:
# 1. Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash
# 2. Link plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
openclaw gateway restart
How It Works
- Agent calls
execwith a command - Plugin intercepts via
before_tool_call(runs before execution) - Command is checked against built-in rules (cross-platform, \x3C1ms, no subprocess)
- If no built-in match and DCG binary is installed, command is piped to DCG (~27ms)
- Safe: silent passthrough, agent never knows the plugin exists
- Dangerous:
{ block: true }returned to OpenClaw, command never executes
v1.1.0: Built-in rules work without the DCG binary. DCG binary is optional (adds extra unix rules). Windows fully supported out of the box.
Security
- No shell interpolation. Commands are passed to DCG via stdin using
execFileSync(notexecSync). No injection risk. - Fail-open. If DCG binary is missing or crashes, commands pass through. The plugin never deadlocks your agent.
- Zero dependencies. Only requires the DCG binary (single Go binary, no runtime deps).
Configuration
Optional, in openclaw.json under plugins.entries.dcg-guard.config:
{
"enabled": true,
"dcgBin": "/custom/path/to/dcg"
}
Default DCG path: ~/.local/bin/dcg
Override with env var: DCG_BIN=/path/to/dcg
Agent Instructions (optional)
Add to your workspace AGENTS.md:
When a command is blocked by DCG Guard, do NOT retry it.
Ask the user for explicit permission before attempting any alternative.
The block exists because the command is destructive or irreversible.
安全使用建议
This plugin appears to implement a destructive-command blocker and mostly matches its description, but review a few things before installing: 1) The install process runs a remote script via curl | bash from a third-party GitHub repo — inspect that install.sh and the DCG project's repository (https://github.com/Dicklesworthstone/destructive_command_guard) yourself before piping to shell. 2) The registry metadata claims 'dcg' as required even though the code includes built-in rules and treats the DCG binary as optional; confirm whether you want the external binary installed. 3) SKILL.md claims use of execFileSync (no shell interpolation) but the Windows hybrid file imports execSync — a minor inconsistency worth auditing (it may be safe, but confirm the binary invocation doesn't invoke a shell in an unsafe way). 4) Understand that the plugin silently blocks commands at the gateway; agents won't see the plugin and may need explicit handling of block responses. If you decide to install, prefer manually downloading and inspecting the DCG installer and plugin files, avoid blindly running curl|bash, and verify the plugin in a safe environment before using in production.
功能分析
Type: OpenClaw Skill
Name: dcg-guard
Version: 1.1.0
The skill bundle's core purpose is security-enhancing, blocking dangerous shell commands via built-in rules and an optional `dcg` binary. However, it presents a critical supply chain vulnerability: both `install.sh` and `AGENT_INSTRUCTIONS.md` download and execute a script from an external GitHub repository (`https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash`). This method allows for arbitrary code execution if the upstream repository is compromised, turning the skill bundle into a potential vector for malware, despite the benign intent of its authors.
能力评估
Purpose & Capability
The code and instructions implement a before_tool_call plugin that blocks destructive shell commands, which matches the name/description. However there are small inconsistencies: registry metadata lists a required binary 'dcg' even though the bundled code and SKILL.md state built-in rules work without DCG and the binary is optional. SKILL.md also contains a contradictory line saying "No binary dependencies required."
Instruction Scope
SKILL.md and AGENT_INSTRUCTIONS.md scope the behavior to intercepting exec/bash tool calls and blocking destructive commands; they do not instruct reading unrelated files or exfiltrating data. Note: the docs emphasize the plugin blocks silently (agent 'never knows the plugin exists'), which is a privileged behavior but consistent with the plugin's purpose.
Install Mechanism
The provided install.sh (and SKILL.md examples) download and pipe a script from raw.githubusercontent.com (curl | bash). While GitHub Raw is a common host, executing a remote script without manual review is high-risk. There is no signed release or checksum provided; the install is instruction-only in the registry (no verified package distribution).
Credentials
The skill requests no credentials or special environment variables. DCG_BIN is an optional override. The requested privileges (installing a plugin, restarting the gateway) are proportional to the plugin's function.
Persistence & Privilege
The plugin registers a before_tool_call hook and therefore can block commands—this is expected for a guard plugin. always:false (not force-included). Be aware blocking is silent by design, so agents may retry or behave unexpectedly unless configured to surface plugin blocks.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install dcg-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/dcg-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Cross-platform: 30+ built-in rules for Windows (PowerShell/cmd) + Unix. No binary dependency required. DCG binary optional as fallback. execFileSync for injection safety.
v1.0.1
Security fix: replaced execSync with execFileSync (no shell interpolation). Generic block messages. Cleaned up for vanilla OpenClaw.
v1.0.0
Initial release: hard-blocks dangerous shell commands via OpenClaw before_tool_call plugin hook + DCG binary
元数据
常见问题
DCG Guard 是什么?
Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe comman... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 768 次。
如何安装 DCG Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install dcg-guard」即可一键安装,无需额外配置。
DCG Guard 是免费的吗?
是的,DCG Guard 完全免费(开源免费),可自由下载、安装和使用。
DCG Guard 支持哪些平台?
DCG Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 DCG Guard?
由 StarenseN(@starensen)开发并维护,当前版本 v1.1.0。
推荐 Skills