Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DCG Guard

v1.1.0

Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe comman...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and instructions implement a before_tool_call plugin that blocks destructive shell commands, which matches the name/description. However there are small inconsistencies: registry metadata lists a required binary 'dcg' even though the bundled code and SKILL.md state built-in rules work without DCG and the binary is optional. SKILL.md also contains a contradictory line saying "No binary dependencies required."
Instruction Scope
SKILL.md and AGENT_INSTRUCTIONS.md scope the behavior to intercepting exec/bash tool calls and blocking destructive commands; they do not instruct reading unrelated files or exfiltrating data. Note: the docs emphasize the plugin blocks silently (agent 'never knows the plugin exists'), which is a privileged behavior but consistent with the plugin's purpose.
Install Mechanism
The provided install.sh (and SKILL.md examples) download and pipe a script from raw.githubusercontent.com (curl | bash). While GitHub Raw is a common host, executing a remote script without manual review is high-risk. There is no signed release or checksum provided; the install is instruction-only in the registry (no verified package distribution).
Credentials
The skill requests no credentials or special environment variables. DCG_BIN is an optional override. The requested privileges (installing a plugin, restarting the gateway) are proportional to the plugin's function.
Persistence & Privilege
The plugin registers a before_tool_call hook and therefore can block commands—this is expected for a guard plugin. always:false (not force-included). Be aware blocking is silent by design, so agents may retry or behave unexpectedly unless configured to surface plugin blocks.
What to consider before installing
This plugin appears to implement a destructive-command blocker and mostly matches its description, but review a few things before installing:
1) The install process runs a remote script via curl | bash from a third-party GitHub repo — inspect that install.sh and the DCG project's repository (https://github.com/Dicklesworthstone/destructive_command_guard) yourself before piping to shell.
2) The registry metadata claims 'dcg' as required even though the code includes built-in rules and treats the DCG binary as optional; confirm whether you want the external binary installed.
3) SKILL.md claims use of execFileSync (no shell interpolation) but the Windows hybrid file imports execSync — a minor inconsistency worth auditing (it may be safe, but confirm the binary invocation doesn't invoke a shell in an unsafe way).
4) Understand that the plugin silently blocks commands at the gateway; agents won't see the plugin and may need explicit handling of block responses.
If you decide to install, prefer manually downloading and inspecting the DCG installer and plugin files, avoid blindly running curl|bash, and verify the plugin in a safe environment before using in production.


Runtime requirements

Bins: dcg
