ClawHub
Back to skill
v1.1.0

DCG Guard

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:54 AM.

Analysis

DCG Guard appears to be a real shell-command safety plugin, but its artifacts include risky install and verification instructions that deserve review before use.

GuidanceBefore installing, review or pin the DCG upstream installer, avoid the provided rm -rf verification command, and confirm you understand that this persistent plugin can block shell commands but also fails open in some cases.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
AGENT_INSTRUCTIONS.md
Run this in your agent: exec: rm -rf /home/test

The verification instructions ask the agent/user to run a real recursive delete command. If the plugin is not installed, not registered, or fails open, the command could execute instead of being blocked.

User impactA test step meant to prove the guard works could delete real files or directories if the guard is not active.
RecommendationDo not verify with real destructive paths. Use a dry-run/simulated hook, or create a clearly disposable temporary directory and confirm the guard is active before any destructive test.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
install.sh
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

The installer executes a remote script from a mutable GitHub branch without a pinned commit, checksum, or included copy of the installer.

User impactIf the upstream repository, branch, or network path is compromised or changes unexpectedly, installation could run different code on the user's machine.
RecommendationReview the remote installer before running it, pin to a specific commit or release, verify checksums/signatures where available, and avoid curl-to-bash installation for unattended agent setup.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
index.ts
api.on("before_tool_call", ... if (!SHELL_TOOLS.has(toolName.toLowerCase())) return; ... return { block: true, blockReason: ... }

The plugin registers a gateway-level hook that inspects exec/bash calls and can block them. This is the advertised purpose, but it is broad control over shell tool behavior.

User impactThe plugin can prevent future shell commands from running when its rules match, including false positives.
RecommendationInstall only if you want gateway-level command blocking, and confirm how to disable or remove the plugin if it blocks legitimate work.
Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Fail-open. If DCG binary is missing or crashes, commands pass through.

The skill is described as hard-blocking dangerous commands, but it also discloses a fail-open mode. Users should not treat it as a complete guarantee that every dangerous command will be stopped.

User impactA user or agent may over-rely on the guard and assume unsafe commands cannot run.
RecommendationTreat this as an additional safety layer, not a substitute for user review, backups, least privilege, and cautious command approval.