dcg-guard

Hard-blocks dangerous shell commands (rm -rf, git push --force, etc.) before execution via OpenClaw's before_tool_call plugin hook. Zero noise on safe commands, ~27ms latency. Uses DCG (Dangerous Command Guard) binary.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "dcg-guard" with this command: npx skills add starensen/dcg-guard

DCG Guard

An OpenClaw plugin that hard-blocks dangerous shell commands before they execute. Works on any OpenClaw installation (Windows, macOS, Linux, local, VPS, anywhere). No binary dependencies required.

What It Does

Intercepts every exec/bash tool call via OpenClaw's before_tool_call plugin event. Pipes the command through DCG (Dangerous Command Guard). Safe commands pass silently with zero overhead. Dangerous commands are blocked before execution.

Blocked (Unix): rm -rf ~, git push --force, git reset --hard, git clean -fd, git branch -D Blocked (Windows): Remove-Item -Recurse -Force, rd /s /q, del /s, Format-Volume, reg delete HKLM Allowed: ls, cat, echo, git status, npm install, dir, Get-ChildItem

Install

# After clawhub install dcg-guard:
bash install.sh

Or manually:

# 1. Install DCG binary
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/destructive_command_guard/master/install.sh | bash

# 2. Link plugin into OpenClaw
openclaw plugins install -l /path/to/dcg-guard
openclaw gateway restart

How It Works

  1. Agent calls exec with a command
  2. Plugin intercepts via before_tool_call (runs before execution)
  3. Command is checked against built-in rules (cross-platform, <1ms, no subprocess)
  4. If no built-in match and DCG binary is installed, command is piped to DCG (~27ms)
  5. Safe: silent passthrough, agent never knows the plugin exists
  6. Dangerous: { block: true } returned to OpenClaw, command never executes

v1.1.0: Built-in rules work without the DCG binary. DCG binary is optional (adds extra unix rules). Windows fully supported out of the box.

Security

  • No shell interpolation. Commands are passed to DCG via stdin using execFileSync (not execSync). No injection risk.
  • Fail-open. If DCG binary is missing or crashes, commands pass through. The plugin never deadlocks your agent.
  • Zero dependencies. Only requires the DCG binary (single Go binary, no runtime deps).

Configuration

Optional, in openclaw.json under plugins.entries.dcg-guard.config:

{
  "enabled": true,
  "dcgBin": "/custom/path/to/dcg"
}

Default DCG path: ~/.local/bin/dcg

Override with env var: DCG_BIN=/path/to/dcg

Agent Instructions (optional)

Add to your workspace AGENTS.md:

When a command is blocked by DCG Guard, do NOT retry it.
Ask the user for explicit permission before attempting any alternative.
The block exists because the command is destructive or irreversible.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Video Using Ai

create raw footage into AI-edited videos with this skill. Works with MP4, MOV, AVI, WebM files up to 500MB. content creators use it for turning raw footage i...

Registry SourceRecently Updated
00francemichaell-15
General

Editor With Ai

Skip the learning curve of professional editing software. Describe what you want — cut out the pauses, add transitions, and export a clean final cut — and ge...

Registry SourceRecently Updated
00tk8544-b
General

To Voice Generator

Get voiced video files ready to post, without touching a single slider. Upload your text or script (TXT, DOCX, PDF, MP4, up to 200MB), say something like "co...

Registry SourceRecently Updated
00vcarolxhberger
General

Tencent Cloud Rum

Query Tencent Cloud RUM data, analyze Web performance (LCP/FCP/WebVitals), troubleshoot JS/Promise errors, analyze API latency & error rates, diagnose slow s...

Registry SourceRecently Updated
1070lauraytwu-create