DCG Guard

Security checks across malware telemetry and agentic risk

Overview

DCG Guard appears purpose-built to block dangerous shell commands, but its installer runs unpinned remote code and its advertised controls are not fully implemented.

Install only if you are comfortable with a persistent gateway-level shell-command guard. Do not run the provided curl | bash installer as-is; prefer a pinned and verified DCG release or inspect the installer first. Also verify how to disable or uninstall the plugin, because the advertised enabled/dcgBin config is not implemented in the active code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares install scripts, shell commands, environment-variable configuration, and plugin hooking behavior, but does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: reviewers or platforms may underestimate what the skill can do during install and runtime, especially because it can execute shell-based installation and influence command execution paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose emphasizes a simple guard using the DCG binary, but the file also describes built-in command filtering logic, remote-script installation, OpenClaw plugin installation, and gateway restart. This mismatch is dangerous because users may trust a narrower threat model than the skill actually requires, leading to installation of code with broader system impact than expected.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The module claims it will hard-block dangerous commands, but the Unix-path enforcement depends on an external binary and explicitly fails open on any subprocess error, timeout, parse failure, or missing binary. In a before-tool-call guard, this creates a security bypass where dangerous commands can proceed precisely when the protection layer is unavailable or disrupted.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The installer downloads and immediately executes a remote shell script via curl-pipe-bash. This creates a direct remote code execution path during installation: if the upstream repository, network path, or referenced script is compromised, arbitrary code will run with the installer's privileges. In the context of a security guard plugin, introducing an unchecked remote bootstrapper is especially risky because users may trust it more than ordinary tooling.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell the user to execute a remotely fetched installer directly with `bash`, which gives arbitrary code from a mutable external source immediate execution on the host. In an agent/plugin installation context this is especially dangerous because it can lead to full local compromise, persistence, credential theft, or supply-chain abuse without any review step.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The manual install path uses 'curl | bash' to download and immediately execute a remote script from GitHub without integrity verification, pinning, or warning. If the upstream repository, network path, or referenced branch is compromised, arbitrary code would run on the host during installation.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The documentation explicitly says safe commands pass silently and the agent never knows the plugin exists. Hidden interception of tool calls reduces transparency, can complicate incident response, and may mask policy enforcement or failures in ways that are unsafe for users and downstream agents.

Missing User Warnings

High
Confidence
99% confidence
Finding
Executing a remote script without prior confirmation or safety warning removes an important trust boundary and gives the operator no chance to review what will run. This materially increases the likelihood of silent compromise, especially because installation scripts often run in privileged environments.

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# Create plugin directory
mkdir -p ~/clawd/plugins/dcg-guard
```
Confidence
96% confidence
Finding
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# 1. Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# 2. Link plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
```
Confidence
97% confidence
Finding
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# Create plugin directory
mkdir -p ~/clawd/plugins/dcg-guard
```
Confidence
98% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 1. Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# 2. Link plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
```
Confidence
98% confidence
Finding
| bash

VirusTotal

52/52 vendors flagged this skill as clean.