Back to skill
Skillv1.1.0
VirusTotal security
DCG Guard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:21 AM
- Hash
- d40800ec32612f774b2447819cd19b7fd77efa32a63351cf293869fec7d861d2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dcg-guard Version: 1.1.0 The skill bundle's core purpose is security-enhancing, blocking dangerous shell commands via built-in rules and an optional `dcg` binary. However, it presents a critical supply chain vulnerability: both `install.sh` and `AGENT_INSTRUCTIONS.md` download and execute a script from an external GitHub repository (`https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash`). This method allows for arbitrary code execution if the upstream repository is compromised, turning the skill bundle into a potential vector for malware, despite the benign intent of its authors.
- External report
- View on VirusTotal